Пример #1
0
def edit_attr(dict, attr):
    """Edits an attribute in the dictionary dict."""
    completer = readline.get_completer()
    readline.set_completer(None)
    current_value = dict[attr]
    try:
        print "\n# Documentation: %s" % dict[attr + "_doc"]
    except:
        pass

    print "# Current value: %s = %s" % (attr, str(current_value))

    while True:
        new_value = raw_input("#     New value: %s = " % attr)

        if new_value == "":
            new_value = current_value
            print "# Using the current value (%s)" % str(current_value)
            break

        try:
            new_value = double(new_value) # try interpreting as a number
        except:
            pass                # leave as a string

        break

    readline.set_completer(completer)
    return new_value
Пример #2
0
    def main_loop(self):
        readline.parse_and_bind('tab: complete')
        readline.set_completer(self.rl_completer_safe)
        #print 'delims: ', repr(readline.get_completer_delims())

        hist_file = os.path.expanduser("~/.qadmin_history")
        try:
            readline.read_history_file(hist_file)
        except IOError:
            pass

        print "Use 'show help;' to see available commands."
        while 1:
            try:
                ln = self.line_input()
                self.exec_string(ln)
            except KeyboardInterrupt:
                print
            except EOFError:
                print
                break
            self.reset_comp_cache()

        try:
            readline.write_history_file(hist_file)
        except IOError:
            pass
Пример #3
0
def getinput(question, default="", reader=raw_input,
             completer=None, width=_defaultwidth):  # pragma: no cover
    """
    http://stackoverflow.com/questions/2617057/\
            supply-inputs-to-python-unittests
    """
    if reader == raw_input:
        if not _readline_available:
            val = raw_input(question.ljust(width))
            if val:
                return val
            else:
                return default
        else:
            def defaulter():
                """define default behavior startup"""
                if _readline_available:
                    readline.insert_text(default)
                readline.set_startup_hook(defaulter)
                readline.get_completer()
                readline.set_completer(completer)

            x = raw_input(question.ljust(width))
            readline.set_completer(completer)
            readline.set_startup_hook()
            if not x:
                return default
            return x
    else:
        return reader()
Пример #4
0
def runInteractive(locals):
	prompt = "ToMaTo"
	import readline, rlcompleter, code
	readline.parse_and_bind("tab: complete")
	readline.set_completer(rlcompleter.Completer(locals).complete)
	console = code.InteractiveConsole(locals)
	console.interact('Type "help()" or "help(method)" for more information.')
Пример #5
0
 def defaulter():
     """define default behavior startup"""
     if _readline_available:
         readline.insert_text(default)
     readline.set_startup_hook(defaulter)
     readline.get_completer()
     readline.set_completer(completer)
Пример #6
0
def run_classic_shell(locals, globals, first_time):
    if first_time:
        banner = "Hit Ctrl-D to return to PuDB."
    else:
        banner = ""

    ns = SetPropagatingDict([locals, globals], locals)

    from pudb.settings import get_save_config_path
    from os.path import join
    hist_file = join(
            get_save_config_path(),
            "shell-history")

    if HAVE_READLINE:
        readline.set_completer(
                rlcompleter.Completer(ns).complete)
        readline.parse_and_bind("tab: complete")
        try:
            readline.read_history_file(hist_file)
        except IOError:
            pass

    from code import InteractiveConsole
    cons = InteractiveConsole(ns)

    cons.interact(banner)

    if HAVE_READLINE:
        readline.write_history_file(hist_file)
Пример #7
0
        def run_plain():
            # Using normal Python shell
            import code
            imported_objects = import_objects(options, self.style)
            try:
                # Try activating rlcompleter, because it's handy.
                import readline
            except ImportError:
                pass
            else:
                # We don't have to wrap the following import in a 'try', because
                # we already know 'readline' was imported successfully.
                import rlcompleter
                readline.set_completer(rlcompleter.Completer(imported_objects).complete)
                readline.parse_and_bind("tab:complete")

            # We want to honor both $PYTHONSTARTUP and .pythonrc.py, so follow system
            # conventions and get $PYTHONSTARTUP first then import user.
            if use_pythonrc:
                pythonrc = os.environ.get("PYTHONSTARTUP")
                if pythonrc and os.path.isfile(pythonrc):
                    global_ns = {}
                    with open(pythonrc) as rcfile:
                        try:
                            six.exec_(compile(rcfile.read(), pythonrc, 'exec'), global_ns)
                            imported_objects.update(global_ns)
                        except NameError:
                            pass
                # This will import .pythonrc.py as a side-effect
                try:
                    import user  # NOQA
                except ImportError:
                    pass
            code.interact(local=imported_objects)
Пример #8
0
def prompt_value_int(label):
    readline.set_completer(None)
    while True:
        try:
            return int(raw_input(label))
        except ValueError:
            print "Not a valid integer"
Пример #9
0
    def cmdloop(self, intro=None):
        self.old_completer = readline.get_completer()
        self.old_completer_delims = readline.get_completer_delims()
        readline.set_completer(self.complete)
        readline.parse_and_bind(self.completekey+": complete")
        readline.parse_and_bind("set bell-style none")
        readline.parse_and_bind("set show-all-if-ambiguous")
        readline.parse_and_bind("set completion-query-items -1")

        # If press help key, add the character and accept the line
        readline.parse_and_bind('"?": "\C-q?\C-j"')
        # Register a function for execute before read user
        # input. We can use it for insert text at command line
        readline.set_pre_input_hook(self.pre_input_hook)
        readline.set_completer_delims(' \t\n')

        try:
            stop = None
            while not stop:
                try:
                    line = raw_input(self.prompt)
                except EOFError:
                    line = 'EOF'

                stop = self.onecmd(line)
                stop = self.postcmd(stop, line)
        finally:
            readline.set_completer(self.old_completer)
            readline.set_completer_delims(self.old_completer_delims)
Пример #10
0
def file_chooser(prompt_text = "Enter File: ", default=None, filearg=[], filekwarg={}):
    """A simple tool to get a file from the user. Takes keyworded arguemnts
    and passes them to open().
    
    If the user enters nothing the function will return the ``default`` value.
    Otherwise it continues to prompt the user until it get's a decent response.
    
    filekwarg may contain arguements passed on to ``open()``.
    """
    try:
        import readline, rlcomplete
        completer = rlcomplete.PathCompleter()
        readline.set_completer_delims(completer.delims)
        readline.parse_and_bind("tab: complete")
        readline.set_completer(completer.complete)
    except ImportError:
        pass
    while True:
        f = raw_input(prompt_text)
        if f == '': return default
        f = os.path.expanduser(f)
        if len(f) != 0 and f[0] == os.path.sep:
            f = os.path.abspath(f)
        try:
            return open(f, *filearg, **filekwarg)
        except IOError, e:
            stderr.write(ERROR_MESSAGE % ("unable to open %s : %s" % (f, e)))
Пример #11
0
    def __init__(self,on_kill=None,*args,**kw):
        code.InteractiveConsole.__init__(self,*args,**kw)
        self.code_to_run = None
        self.ready = threading.Condition()
        self._kill = False
        if on_kill is None:
            on_kill = []
        # Check that all things to kill are callable:
        for _ in on_kill:
            if not callable(_):
                raise TypeError,'on_kill must be a list of callables'
        self.on_kill = on_kill
        # Set up tab-completer
        if has_readline:
            import rlcompleter
            try:  # this form only works with python 2.3
                self.completer = rlcompleter.Completer(self.locals)
            except: # simpler for py2.2
                self.completer = rlcompleter.Completer()

            readline.set_completer(self.completer.complete)
            # Use tab for completions
            readline.parse_and_bind('tab: complete')
            # This forces readline to automatically print the above list when tab
            # completion is set to 'complete'.
            readline.parse_and_bind('set show-all-if-ambiguous on')
            # Bindings for incremental searches in the history. These searches
            # use the string typed so far on the command line and search
            # anything in the previous input history containing them.
            readline.parse_and_bind('"\C-r": reverse-search-history')
            readline.parse_and_bind('"\C-s": forward-search-history')
Пример #12
0
    def __init__(self):
        self.sentCache = {}
        self.commands = {}
        self.acceptingInput = False
        self.lastPrompt = True

        self._queuedCmds = []

        readline.set_completer(self.complete)
        readline.parse_and_bind('tab: complete')

        members = inspect.getmembers(self, predicate = inspect.ismethod)
        for m in members:
            if hasattr(m[1], "clidesc"):
                fname = m[0]
                fn = m[1]
                try:
                    cmd, subcommand = fname.split('_')
                except ValueError:
                    cmd = fname
                    subcommand = "_"


                if not cmd in self.commands:
                    self.commands[cmd] = {}

                self.commands[cmd][subcommand] = {
                   "args": inspect.getargspec(fn)[0][1:],
                   "desc": fn.clidesc,
                   "fn": fn,
                   "order": fn.cliorder
                }
        self.cv = threading.Condition()
        self.inputThread = threading.Thread(target = self.startInputThread, args = (self.cv,))
        self.inputThread.daemon = True
def interactive_argument_resolver(parser):
    input_strings = []
    # Iterate through all arguments in the parser
    for action in [a for a in parser.__dict__['_actions'] if a.nargs is not 0]:
        # Use the rightmost defined flag
        flag = action.option_strings[-1]

        # Iterate until input value is accepted
        while True:
            # Set an auto completer if choices are defined
            if action.choices:
                readline.set_completer(_make_autocompleter(action.choices))
            # Clear the auto completer otherwise
            else:
                readline.set_completer(_make_autocompleter(['']))

            # Prompt user for an input value
            value = raw_input(_prompt(action))

            # If user input is blank and there is a default value defined, use the default value
            if not value and action.default:
                value = action.default
                break
            # If user input validates
            if _value_validates(action, value):
                break

        # Add flag and value to resulting list of arguments
        input_strings.append(flag)
        input_strings.append(value)

    return parser.parse_args(input_strings)
Пример #14
0
    def __init__(self, inp=None, out=None, opts={}):
        get_option = lambda key: Mmisc.option_set(opts, key,
                                                  DEFAULT_USER_SETTINGS)

        Minput = import_relative('input', '..inout', 'trepan')
        Moutput = import_relative('output', '..inout', 'trepan')

        atexit.register(self.finalize)
        self.interactive = True  # Or at least so we think initially
        self.input       = inp or Minput.DebuggerUserInput()
        self.output      = out or Moutput.DebuggerUserOutput()

        if self.input.use_history():
            complete = get_option('complete')
            if complete:
                parse_and_bind("tab: complete")
                set_completer(complete)
                pass
            self.histfile = get_option('histfile')
            if self.histfile:
                try:
                    read_history_file(histfile)
                except IOError:
                    pass
                set_history_length(50)
                atexit.register(write_history_file, self.histfile)
                pass
        return
Пример #15
0
def interactive_browser(srcdir=None):
    """
    launch an interactive view for browsing the original
    archives.
    """

    info("launching interactive data browser...")

    # the variable is actually used, in the interactive prompt.
    # pylint: disable=unused-variable
    data, game_versions = mount_input(srcdir)

    if not data:
        warn("cannot launch browser as no valid input assets were found.")
        return

    def save(path, target):
        """
        save a path to a custom target
        """
        with path.open("rb") as infile:
            with open(target, "rb") as outfile:
                outfile.write(infile.read())

    def save_slp(path, target, palette=None):
        """
        save a slp as png.
        """
        from .texture import Texture
        from .slp import SLP
        from .driver import get_palette

        if not palette:
            palette = get_palette(data, game_versions)

        with path.open("rb") as slpfile:
            tex = Texture(SLP(slpfile.read()), palette)

            out_path, filename = os.path.split(target)
            tex.save(Directory(out_path).root, filename)

    import code
    from pprint import pprint

    import rlcompleter

    completer = rlcompleter.Completer(locals())
    readline.parse_and_bind("tab: complete")
    readline.parse_and_bind("set show-all-if-ambiguous on")
    readline.set_completer(completer.complete)

    code.interact(
        banner=("\nuse `pprint` for beautiful output!\n"
                "you can access stuff by the `data` variable!\n"
                "`data` is an openage.util.fslike.path.Path!\n"
                "* list contents:      `pprint(list(data['graphics'].list()))`\n"
                "* dump data:          `save(data['file/path'], '/tmp/outputfile')`.\n"
                "* save a slp as png:  `save_slp(data['dir/123.slp'], '/tmp/pic.png')`.\n"),
        local=locals()
    )
Пример #16
0
def interact(PS1, PS2, BANNER, *arg, **kwarg):
	def Completer(text, stat):
		if text.startswith('.') or text.startswith('/'):
			ret = path_matches(text)
		elif '.' not in text:
			ret = global_matches(text)
		else:
			ret = attr_matches(text)

		try:
			return ret[stat]
		except IndexError:
			return None
	@utils.regExitCallback
	def exit_interact():
		""" Clean all when exit """
		
		print "Goodbye..."

	## Compatible for Mac OS since Mac OS ship libedit for readline
	if "libedit" in readline.__doc__:
		import rlcompleter
		readline.parse_and_bind("bind ^I rl_complete")
	else:
		readline.parse_and_bind("tab: complete")

	## Change PS
	sys.ps1, sys.ps2 = PS1, PS2
	delims = readline.get_completer_delims().replace('/','')
	readline.set_completer_delims(delims)
	readline.set_completer(Completer)


	## Run Interpreter
	code.interact(banner=BANNER, local=globals())
Пример #17
0
 def uninit_completer(self):
     try:
         import readline
         readline.set_completer()
         readline.clear_history()
     except:
         pass
Пример #18
0
	def __init__(self):
		self.modules = None
		self.currentmodule = None
		self.db = db_handler.DBHandler()
		self.commands = [("search", "Search for malwares according to a filter,\n\t\t\te.g 'search cpp worm'."),
						 ("list all", "Lists all available modules"),
						 ("use", "Selects a malware by ID"),
						 ("info", "Retreives information about malware"),
						 ("get", "Downloads selected malware"),
						 ("report-mal", "Report a malware you found"),
						 ("update-db", "Updates the databse"),
						 ("help", "Displays this help..."),
						 ("exit", "Exits...")]

		self.commandsWithoutDescription = {'search': '', 'list all': '', 'use': '', 'info': '',
										   'get': '', 'report-mal': '', 'update-db': '', 'help': '', 'exit': ''}

		self.searchmeth = [("arch", "which architecture etc; x86, x64, arm7 so on..."),
						   ("plat",
							"platform: win32, win64, mac, android so on..."),
						   ("lang", "c, cpp, vbs, bin so on..."),
						   ("vip", "1 or 0")]

		self.modules = self.GetPayloads()
		completer = globals.Completer(self.commandsWithoutDescription)

		readline.parse_and_bind("tab: complete")
		readline.set_completer(completer.complete)
def tupni(message, Filename): # Input backwards in case you were wondering
	
	# Function within a function... Not sure if its the right thing to do but ah well! This is the function that allows the autocomplete magic to happen
	def completer(text, state):
		options = [x for x in lowlist if x.startswith(text)]
		try:
			return options[state]
		except IndexError:
			return None

	readline.set_completer(completer)
	readline.parse_and_bind("tab: complete")

	# If a list is given it is changed to lowercase (this makes it easier to type and hold the book open at the same time). If the word is not on the specified list then it is added to the list and written to file
	if Filename:
		csvfile = Filename + ".csv"
		List = CSVToList(Filename)
		lowlist = [x.lower() for x in List]
		word = raw_input(message)
		
		if not (word in lowlist or word == ""):# Check if word is already on list and to stop blank input be written to the file
			writer = csv.writer(open(csvfile, 'a'), delimiter=',')
			fileline = [x.replace(" ","_") for x in [word.title()]]
			writer.writerow(fileline)
	else:
		word = raw_input(message)

	return word.title()
Пример #20
0
def main():
    global __prompt
    global __time_to_go

    print("JSON configuration utility version (1.0.0)")
    handle_arguments()

    readline.set_completer_delims("\t\n")
    readline.parse_and_bind("tab: complete")
    readline.set_completer(auto_complete)

    command = ""
    while True:
        try:
            user_input = input(__prompt + " ").strip()
        except KeyboardInterrupt:
            print()
            if __time_to_go:
                exit_command()
            else:
                __time_to_go = True
                print("Press ^C again to close. Running another command resets this.")
                continue

        if not user_input:
            continue

        run_command(user_input)
        __time_to_go = False
Пример #21
0
def main(files=[]):
    printtty(colorize('> ', PROMPT_COLOR) + "; Type HELP to get the HELP")
    printtty(colorize('> ', PROMPT_COLOR) +
           "; Completion is activated using the tab (if supported by the terminal)")

    for i in files:
        load_relation(i)

    readline.set_completer(completer.complete)

    readline.parse_and_bind('tab: complete')
    readline.parse_and_bind('set editing-mode emacs')
    readline.set_completer_delims(" ")

    while True:
        try:

            line = input(colorize('> ' if TTY else '', PROMPT_COLOR))
            if isinstance(line, str) and len(line) > 0:
                exec_line(line)
        except KeyboardInterrupt:
            if TTY:
                print ('^C\n')
                continue
            else:
                break
        except EOFError:
            printtty()
            sys.exit(0)
Пример #22
0
def get_input_with_readline(filename):
	"""
	sets up readline support for entering sitenames, completed from the
	existing list and accepts a line of input.
	"""
	if not os.path.exists(filename):
		file(filename, "w").close()

	all_lines = map(lambda x: x.strip(), file(filename).readlines())

	def  completer(text, state):
		"""
		custom readline completer
		"""
		candidates = filter(lambda x: x.startswith(text), all_lines)
		if state <= len(candidates):
			return candidates[state-1]
		else:
			return None

	try:
		import readline
		readline.set_completer(completer)
		readline.read_history_file(filename)
		readline.parse_and_bind('tab: complete')
		if hasattr(readline, 'readline'):
			print "sitename: ",
			readline._issued = True
			return readline.readline(history=all_lines, histfile=None)
		else:
			return raw_input("sitename: ")
	except:
		# no readline?
		return raw_input("sitename: ")
Пример #23
0
    def plain(self):
        """Plain Python shell."""
        from nikola import Nikola
        try:
            import conf
            SITE = Nikola(**conf.__dict__)
            SITE.scan_posts()
            gl = {'conf': conf, 'SITE': SITE, 'Nikola': Nikola}
        except ImportError:
            LOGGER.error("No configuration found, cannot run the console.")
        else:
            import code
            try:
                import readline
            except ImportError:
                pass
            else:
                import rlcompleter
                readline.set_completer(rlcompleter.Completer(gl).complete)
                readline.parse_and_bind("tab:complete")

            pythonrc = os.environ.get("PYTHONSTARTUP")
            if pythonrc and os.path.isfile(pythonrc):
                try:
                    execfile(pythonrc)  # NOQA
                except NameError:
                    pass

            code.interact(local=gl, banner=self.header.format('Python'))
Пример #24
0
    def handle(self, **options):
        imported_objects = {}
        try:
            from django.db.models.loading import get_models
        except ImportError:
            from django.apps import apps
            get_models = apps.get_models
        for m in get_models():
            imported_objects[m.__name__] = m

        try:
            self.ipython(imported_objects)
        except ImportError:
            import code
            try:  # Try activating rlcompleter, because it's handy.
                import readline
            except ImportError:
                pass
            else:
                # We don't have to wrap the following import in a 'try'
                # we already know 'readline' was imported successfully.
                import rlcompleter
                readline.set_completer(
                    rlcompleter.Completer(imported_objects).complete)
                readline.parse_and_bind("tab:complete")
            code.interact(local=imported_objects)
def sshcheck():
  attacks = {}
  users = {}
  try:
    import readline, rlcompleter
    readline.set_completer_delims(' \t\n;')
    readline.parse_and_bind("tab: complete")
    readline.set_completer(complete)
  except ImportError:
    print 'No Tab Completion'
  LOGs = raw_input('Enter the path to the log file: ')
  for LOG in LOGs.split(' '):
    if LOG.endswith('.gz'):
      auth_logs = gzip.GzipFile(LOG, 'r')
    else:
      auth_logs = open(LOG, 'r')
    if len(LOGs) is '1':
      print "Parsing log file"
    else:
      print "Parsing log files"
    for log in auth_logs:
      l = {"raw": log }
      normalizer.normalize(l)
      if l.get('action') == 'fail' and l.get('program') == 'sshd':
        u = l['user']
        p = l['source_ip']
        o1, o2, o3, o4 = [int(i) for i in p.split('.')]
        if o1 == 192 and o2 == 168 or o1 == 172 and o2 in range(16, 32) or o1 == 10:
          print "Private IP, %s No geolocation data" %str(p)
        attacks[p] = attacks.get(p, 0) + 1
  getip()
  dojson(attacks, IP)
Пример #26
0
    def __init__(self, locals=None, filename="<console>",
                 session = session,
                 request_socket=None,
                 sub_socket=None):
        code.InteractiveConsole.__init__(self, locals, filename)
        self.session = session
        self.request_socket = request_socket
        self.sub_socket = sub_socket
        self.backgrounded = 0
        self.messages = {}

        # Set tab completion
        self.completer = completer.ClientCompleter(self, session, request_socket)
        readline.parse_and_bind('tab: complete')
        readline.parse_and_bind('set show-all-if-ambiguous on')
        readline.set_completer(self.completer.complete)

        # Set system prompts
        sys.ps1 = 'Py>>> '
        sys.ps2 = '  ... '
        sys.ps3 = 'Out : '
        # Build dict of handlers for message types
        self.handlers = {}
        for msg_type in ['pyin', 'pyout', 'pyerr', 'stream']:
            self.handlers[msg_type] = getattr(self, 'handle_%s' % msg_type)
Пример #27
0
def rlinput(prompt, prefill='', oneline=False, ctxkey=''):
    """
    Get user input with readline editing support.
    """

    sentinel = ''
    if prefill is None:
        prefill = ''
    
    def only_once(text):
        """ generator for startup hook """
        readline.insert_text(text)
        yield
        while True:
            yield

    savedhist = NamedTemporaryFile()
    readline.write_history_file(savedhist.name)
    ctxhistname = ".tl" + ctxkey + "history"
    ctxhistfile = os.path.join(G.ProjectFolder, ctxhistname)
    try:
        readline.clear_history()
    except AttributeError:
        print "This readline doesn't support clear_history()"
        raise
    
    savedcompleter = readline.get_completer()
    try:
        ulines = uniqify(ctxhistfile)
        readline.read_history_file(ctxhistfile)
        readline.set_completer(HistoryCompleter(ulines).complete)
    except IOError:
        pass

    readline.parse_and_bind('tab: complete')
    saveddelims = readline.get_completer_delims()
    readline.set_completer_delims('') ## No delims. Complete entire lines.
    readline.set_completion_display_matches_hook(match_display_hook)
    gen = only_once(prefill)
    readline.set_startup_hook(gen.next)
    try:
        if oneline:
            edited = raw_input(prompt)
        else:
            print prompt
            edited = "\n".join(iter(raw_input, sentinel))

        if edited.endswith(r'%%'):
            ## Invoke external editor
            edited = external_edit(edited[0:-2])
        return edited
    finally:
        ## Restore readline state 
        readline.write_history_file(ctxhistfile)
        readline.clear_history()
        readline.read_history_file(savedhist.name)
        savedhist.close()
        readline.set_completer(savedcompleter)
        readline.set_completer_delims(saveddelims)
        readline.set_startup_hook()    
Пример #28
0
 def completer(self,func):
     def keys():
         keys = [i for i in func()]
         return keys        
     readline.set_completer(SimpleCompleter(keys()).complete)
     readline.set_completer_delims('')
     readline.parse_and_bind('tab: complete')
Пример #29
0
    def setup(self):
        """ Initialization of third-party libraries

        Setting interpreter history.
        Setting appropriate completer function.

        :return:
        """
        if not os.path.exists(self.history_file):
            with open(self.history_file, 'a+') as history:
                if is_libedit():
                    history.write("_HiStOrY_V2_\n\n")

        readline.read_history_file(self.history_file)
        readline.set_history_length(self.history_length)
        atexit.register(readline.write_history_file, self.history_file)

        readline.parse_and_bind('set enable-keypad on')

        readline.set_completer(self.complete)
        readline.set_completer_delims(' \t\n;')
        if is_libedit():
            readline.parse_and_bind("bind ^I rl_complete")
        else:
            readline.parse_and_bind("tab: complete")
Пример #30
0
    def FastLogin(self):
        data = map(str, DBQuery().AuthIP())
        ip_user = [v.replace('\t', ' ') for v in data]
        
        # raw_input tab 
        def complete(text, state):
            for i in ip_user:
                if i.startswith(text):
                    if not state:
                        return i
                    else:
                        state -= 1
        readline.parse_and_bind("tab: complete")
        readline.set_completer(complete)

        while True:
            ip_user = raw_input('Please input ip and user > ').strip().split()
            if 'q' in ip_user:
                self.Main()
            elif len(ip_user) == 2:
                remote_ip, remote_user = ip_user[0], ip_user[1]
                self.Connection(remote_ip, remote_user)
                break
            else: 
                continue
Пример #31
0
        print("The RamDump instance is available in the `dump' variable\n")
        do_fallback = options.classic_shell
        if not do_fallback:
            try:
                from IPython import embed
                embed()
            except ImportError:
                do_fallback = True

        if do_fallback:
            import code
            import readline
            import rlcompleter
            vars = globals()
            vars.update(locals())
            readline.set_completer(rlcompleter.Completer(vars).complete)
            readline.parse_and_bind("tab: complete")
            shell = code.InteractiveConsole(vars)
            shell.interact()
        sys.exit(0)

    if not dump.print_command_line():
        print_out_str('!!! Error printing saved command line.')
        print_out_str('!!! The vmlinux is probably wrong for the ramdumps')
        print_out_str('!!! Exiting now...')
        sys.exit(1)

    if options.qdss:
        print_out_str('!!! --parse-qdss is now deprecated')
        print_out_str(
            '!!! Please just use --parse-debug-image to get QDSS information')
Пример #32
0
        elif text.startswith('{'):
            text = text[1:]
            matches[:] = [
                '{' + prop + '}' for prop in env if prop.startswith(text)
            ]
        else:
            if not binaries_on_path:
                get_binaries_on_path()
            matches[:] = []
            append = matches.append
            for file in binaries_on_path:
                if file.startswith(text):
                    append(file)
                else:
                    if matches:
                        break
    try:
        return matches[state]
    except IndexError:
        return


try:
    import readline
except ImportError:
    readline = None
else:
    readline.set_completer_delims(' \t\n')
    readline.set_completer(complete)
    readline.parse_and_bind('tab: complete')
Пример #33
0
def tb_injection_handler(url, timesec, filename, http_request_method, url_time_response):
 
  counter = 1
  num_of_chars = 1
  vp_flag = True
  no_result = True
  is_encoded = False
  possibly_vulnerable = False
  false_positive_warning = False
  export_injection_info = False
  how_long = 0
  injection_type = "blind OS command injection"
  technique = "time-based command injection technique"

  if settings.VERBOSITY_LEVEL >= 1:
    info_msg = "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... "
    print settings.print_info_msg(info_msg)

  # Check if defined "--maxlen" option.
  if menu.options.maxlen:
    maxlen = settings.MAXLEN
    
  # Check if defined "--url-reload" option.
  if menu.options.url_reload == True:
    warn_msg = "The '--url-reload' option is not available in " + technique + "."
    print settings.print_warning_msg(warn_msg)

  #whitespace = checks.check_whitespaces()
  # Calculate all possible combinations
  total = len(settings.WHITESPACE) * len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES)
  for whitespace in settings.WHITESPACE:
    for prefix in settings.PREFIXES:
      for suffix in settings.SUFFIXES:
        for separator in settings.SEPARATORS:
          # Check injection state
          settings.DETECTION_PHASE = True
          settings.EXPLOITATION_PHASE = False
          # If a previous session is available.
          how_long_statistic = []
          if settings.LOAD_SESSION and session_handler.notification(url, technique, injection_type):
            try:
              cmd = shell = ""
              url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
              checks.check_for_stored_tamper(payload)
              settings.FOUND_HOW_LONG = how_long
              settings.FOUND_DIFF = how_long - timesec
            except TypeError:
              err_msg = "An error occurred while accessing session file ('"
              err_msg += settings.SESSION_FILE + "'). "
              err_msg += "Use the '--flush-session' option."
              print settings.print_critical_msg(err_msg)
              sys.exit(0)

          if settings.RETEST == True:
            settings.RETEST = False
            from src.core.injections.results_based.techniques.classic import cb_handler
            cb_handler.exploitation(url, timesec, filename, http_request_method)

          if not settings.LOAD_SESSION:
            num_of_chars = num_of_chars + 1
            # Check for bad combination of prefix and separator
            combination = prefix + separator
            if combination in settings.JUNK_COMBINATION:
              prefix = ""
            
            # Define alter shell
            alter_shell = menu.options.alter_shell
            
            # Change TAG on every request to prevent false-positive results.
            TAG = ''.join(random.choice(string.ascii_uppercase) for num_of_chars in range(6))
            tag_length = len(TAG) + 4
            
            for output_length in range(1, int(tag_length)):
              try:
                if alter_shell:
                  # Time-based decision payload (check if host is vulnerable).
                  payload = tb_payloads.decision_alter_shell(separator, TAG, output_length, timesec, http_request_method)
                else:
                  # Time-based decision payload (check if host is vulnerable).
                  payload = tb_payloads.decision(separator, TAG, output_length, timesec, http_request_method)

                # Fix prefixes / suffixes
                payload = parameters.prefixes(payload, prefix)
                payload = parameters.suffixes(payload, suffix)

                # Whitespace fixation
                payload = re.sub(" ", whitespace, payload)
                
                # Check for base64 / hex encoding
                payload = checks.perform_payload_encoding(payload)

                # Check if defined "--verbose" option.
                if settings.VERBOSITY_LEVEL == 1:
                  payload_msg = payload.replace("\n", "\\n")
                  print settings.print_payload(payload_msg)
                # Check if defined "--verbose" option.
                elif settings.VERBOSITY_LEVEL > 1:
                  info_msg = "Generating a payload for injection..."
                  print settings.print_info_msg(info_msg)
                  payload_msg = payload.replace("\n", "\\n") 
                  sys.stdout.write(settings.print_payload(payload_msg) + "\n")

                # Cookie Injection
                if settings.COOKIE_INJECTION == True:
                  # Check if target host is vulnerable to cookie injection.
                  vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
                  how_long = tb_injector.cookie_injection_test(url, vuln_parameter, payload)

                # User-Agent Injection
                elif settings.USER_AGENT_INJECTION == True:
                  # Check if target host is vulnerable to user-agent injection.
                  vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
                  how_long = tb_injector.user_agent_injection_test(url, vuln_parameter, payload)

                # Referer Injection
                elif settings.REFERER_INJECTION == True:
                  # Check if target host is vulnerable to referer injection.
                  vuln_parameter = parameters.specify_referer_parameter(menu.options.referer)
                  how_long = tb_injector.referer_injection_test(url, vuln_parameter, payload)

                # Custom HTTP header Injection
                elif settings.CUSTOM_HEADER_INJECTION == True:
                  # Check if target host is vulnerable to custom http header injection.
                  vuln_parameter = parameters.specify_custom_header_parameter(settings.INJECT_TAG)
                  how_long = tb_injector.custom_header_injection_test(url, vuln_parameter, payload)

                else:
                  # Check if target host is vulnerable.
                  how_long, vuln_parameter = tb_injector.injection_test(payload, http_request_method, url)

                # Statistical analysis in time responses.
                how_long_statistic.append(how_long)

                # Injection percentage calculation
                percent = ((num_of_chars * 100) / total)
                float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total * 1.0)),2))

                if percent == 100 and no_result == True:
                  if not settings.VERBOSITY_LEVEL >= 1:
                    percent = Fore.RED + "FAILED" + Style.RESET_ALL
                  else:
                    percent = ""
                else:
                  if (url_time_response == 0 and (how_long - timesec) >= 0) or \
                     (url_time_response != 0 and (how_long - timesec) == 0 and (how_long == timesec)) or \
                     (url_time_response != 0 and (how_long - timesec) > 0 and (how_long >= timesec + 1)) :

                    # Time relative false positive fixation.
                    false_positive_fixation = False
                    if len(TAG) == output_length:

                      # Simple statical analysis
                      statistical_anomaly = True
                      if len(set(how_long_statistic[0:5])) == 1:
                        if max(xrange(len(how_long_statistic)), key=lambda x: how_long_statistic[x]) == len(TAG) - 1:
                          statistical_anomaly = False
                          how_long_statistic = []  

                      if timesec <= how_long and not statistical_anomaly:
                        false_positive_fixation = True
                      else:
                        false_positive_warning = True

                    # Identified false positive warning message.
                    if false_positive_warning:
                      warn_msg = "Unexpected time delays have been identified due to unstable "
                      warn_msg += "requests. This behavior may lead to false-positive results.\n"
                      sys.stdout.write("\r" + settings.print_warning_msg(warn_msg))
                      while True:
                        if not menu.options.batch:
                          question_msg = "How do you want to proceed? [(C)ontinue/(s)kip/(q)uit] > "
                          sys.stdout.write(settings.print_question_msg(question_msg))
                          proceed_option = sys.stdin.readline().replace("\n","").lower()
                        else:
                          proceed_option = ""  
                        if len(proceed_option) == 0:
                           proceed_option = "c" 
                        if proceed_option.lower() in settings.CHOICE_PROCEED :
                          if proceed_option.lower() == "s":
                            false_positive_fixation = False
                            raise
                          elif proceed_option.lower() == "c":
                            timesec = timesec + 1
                            false_positive_fixation = True
                            break
                          elif proceed_option.lower() == "q":
                            raise SystemExit()
                        else:
                          err_msg = "'" + proceed_option + "' is not a valid answer."
                          print settings.print_error_msg(err_msg)
                          pass

                    # Check if false positive fixation is True.
                    if false_positive_fixation:
                      false_positive_fixation = False
                      settings.FOUND_HOW_LONG = how_long
                      settings.FOUND_DIFF = how_long - timesec
                      if false_positive_warning:
                        time.sleep(1)
                      randv1 = random.randrange(1, 10)
                      randv2 = random.randrange(1, 10)
                      randvcalc = randv1 + randv2

                      if settings.TARGET_OS == "win":
                        if alter_shell:
                          cmd = settings.WIN_PYTHON_DIR + "python.exe -c \"print (" + str(randv1) + " + " + str(randv2) + ")\""
                        else:
                          cmd = "powershell.exe -InputFormat none write (" + str(randv1) + " + " + str(randv2) + ")"
                      else:
                        cmd = "expr " + str(randv1) + " + " + str(randv2) + ""

                      # Check for false positive resutls
                      how_long, output = tb_injector.false_positive_check(separator, TAG, cmd, whitespace, prefix, suffix, timesec, http_request_method, url, vuln_parameter, randvcalc, alter_shell, how_long, url_time_response)

                      if (url_time_response == 0 and (how_long - timesec) >= 0) or \
                         (url_time_response != 0 and (how_long - timesec) == 0 and (how_long == timesec)) or \
                         (url_time_response != 0 and (how_long - timesec) > 0 and (how_long >= timesec + 1)) :
                        
                        if str(output) == str(randvcalc) and len(TAG) == output_length:
                          possibly_vulnerable = True
                          how_long_statistic = 0
                          if not settings.VERBOSITY_LEVEL >= 1:
                            percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
                          else:
                            percent = ""
                      else:
                        break
                    # False positive
                    else:
                      if not settings.VERBOSITY_LEVEL >= 1:
                        percent = str(float_percent)+ "%"
                        info_msg = "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... " +  "[ " + percent + " ]"
                        sys.stdout.write("\r" + settings.print_info_msg(info_msg))
                        sys.stdout.flush()
                      continue    
                  else:
                    if not settings.VERBOSITY_LEVEL >= 1:
                      percent = str(float_percent)+ "%"
                      info_msg = "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... " +  "[ " + percent + " ]"
                      sys.stdout.write("\r" + settings.print_info_msg(info_msg))
                      sys.stdout.flush()
                    continue
                if not settings.VERBOSITY_LEVEL >= 1:
                  info_msg = "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... " +  "[ " + percent + " ]"
                  sys.stdout.write("\r" + settings.print_info_msg(info_msg))
                  sys.stdout.flush()

              except KeyboardInterrupt: 
                raise

              except SystemExit:
                raise

              except:
                break
              break
              
          # Yaw, got shellz! 
          # Do some magic tricks!
          if (url_time_response == 0 and (how_long - timesec) >= 0) or \
             (url_time_response != 0 and (how_long - timesec) == 0 and (how_long == timesec)) or \
             (url_time_response != 0 and (how_long - timesec) > 0 and (how_long >= timesec + 1)) :  
            if (len(TAG) == output_length) and \
               (possibly_vulnerable == True or settings.LOAD_SESSION and int(is_vulnerable) == menu.options.level):

              found = True
              no_result = False
              # Check injection state
              settings.DETECTION_PHASE = False
              settings.EXPLOITATION_PHASE = True
              if settings.LOAD_SESSION:
                possibly_vulnerable = False

              if settings.COOKIE_INJECTION == True: 
                header_name = " cookie"
                found_vuln_parameter = vuln_parameter
                the_type = " parameter"

              elif settings.USER_AGENT_INJECTION == True: 
                header_name = " User-Agent"
                found_vuln_parameter = ""
                the_type = " HTTP header"

              elif settings.REFERER_INJECTION == True: 
                header_name = " Referer"
                found_vuln_parameter = ""
                the_type = " HTTP header"

              elif settings.CUSTOM_HEADER_INJECTION == True: 
                header_name = " " + settings.CUSTOM_HEADER_NAME
                found_vuln_parameter = ""
                the_type = " HTTP header"

              else:
                header_name = ""
                the_type = " parameter"
                if http_request_method == "GET":
                  found_vuln_parameter = parameters.vuln_GET_param(url)
                else :
                  found_vuln_parameter = vuln_parameter

              if len(found_vuln_parameter) != 0 :
                found_vuln_parameter = " '" +  found_vuln_parameter + Style.RESET_ALL  + Style.BRIGHT + "'" 
              
              # Print the findings to log file.
              if export_injection_info == False:
                export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
              if vp_flag == True:
                vp_flag = logs.add_parameter(vp_flag, filename, the_type, header_name, http_request_method, vuln_parameter, payload)
              logs.update_payload(filename, counter, payload) 
              counter = counter + 1

              if not settings.LOAD_SESSION:
                print ""

              # Print the findings to terminal.
              success_msg = "The"
              if found_vuln_parameter == " ": 
                success_msg += http_request_method + "" 
              success_msg += the_type + header_name
              success_msg += found_vuln_parameter + " seems injectable via "
              success_msg += "(" + injection_type.split(" ")[0] + ") " + technique + "."
              print settings.print_success_msg(success_msg)
              print settings.SUB_CONTENT_SIGN + "Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL
              # Export session
              if not settings.LOAD_SESSION:
                shell = ""
                session_handler.injection_point_importation(url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, how_long, output_length, is_vulnerable=menu.options.level)
                #possibly_vulnerable = False
              else:
                settings.LOAD_SESSION = False 
              
              new_line = False   
              # Check for any enumeration options.
              if settings.ENUMERATION_DONE == True:
                while True:
                  if not menu.options.batch:
                    question_msg = "Do you want to enumerate again? [Y/n] > "
                    enumerate_again = raw_input("\n" + settings.print_question_msg(question_msg)).lower()
                  else:
                    enumerate_again = ""
                  if len(enumerate_again) == 0:
                    enumerate_again = "y"
                  if enumerate_again in settings.CHOICE_YES:
                    tb_enumeration.do_check(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timesec, http_request_method, url, vuln_parameter, alter_shell, filename, url_time_response)
                    print ""
                    break
                  elif enumerate_again in settings.CHOICE_NO: 
                    new_line = True
                    break
                  elif enumerate_again in settings.CHOICE_QUIT:
                    sys.exit(0)
                  else:
                    err_msg = "'" + enumerate_again + "' is not a valid answer."  
                    print settings.print_error_msg(err_msg)
                    pass
              else:
                if menu.enumeration_options():
                  tb_enumeration.do_check(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timesec, http_request_method, url, vuln_parameter, alter_shell, filename, url_time_response)
                  print ""

              # Check for any system file access options.
              if settings.FILE_ACCESS_DONE == True:
                print ""
                while True:
                  if not menu.options.batch:
                    question_msg = "Do you want to access files again? [Y/n] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    file_access_again = sys.stdin.readline().replace("\n","").lower()
                  else:
                    file_access_again = "" 
                  if len(file_access_again) == 0:
                     file_access_again = "y" 
                  if file_access_again in settings.CHOICE_YES:
                    tb_file_access.do_check(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timesec, http_request_method, url, vuln_parameter, alter_shell, filename, url_time_response)
                    break
                  elif file_access_again in settings.CHOICE_NO: 
                    if not new_line:
                      new_line = True
                    break 
                  elif file_access_again in settings.CHOICE_QUIT:
                    sys.exit(0)
                  else:
                    err_msg = "'" + file_access_again  + "' is not a valid answer."  
                    print settings.print_error_msg(err_msg)
                    pass
              else:
                # if not menu.enumeration_options() and not menu.options.os_cmd:
                #   print ""
                tb_file_access.do_check(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timesec, http_request_method, url, vuln_parameter, alter_shell, filename, url_time_response)

              # Check if defined single cmd.
              if menu.options.os_cmd:
                cmd = menu.options.os_cmd
                check_how_long, output = tb_enumeration.single_os_cmd_exec(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timesec, http_request_method, url, vuln_parameter, alter_shell, filename, url_time_response)
                # Export injection result
                tb_injector.export_injection_results(cmd, separator, output, check_how_long)
                sys.exit(0)

              if not new_line :
                print ""

              # Pseudo-Terminal shell
              go_back = False
              go_back_again = False
              while True:
                if go_back == True:
                  break 
                if not menu.options.batch:  
                  question_msg = "Do you want a Pseudo-Terminal shell? [Y/n] > "
                  sys.stdout.write(settings.print_question_msg(question_msg))
                  gotshell = sys.stdin.readline().replace("\n","").lower()
                else:
                  gotshell = "" 
                if len(gotshell) == 0:
                  gotshell = "y"
                if gotshell in settings.CHOICE_YES:
                  if not menu.options.batch:
                    print ""
                  print "Pseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)"
                  if readline_error:
                    checks.no_readline_module()
                  while True:
                    if false_positive_warning:
                      warn_msg = "Due to unexpected time delays, it is highly "
                      warn_msg += "recommended to enable the 'reverse_tcp' option.\n"
                      sys.stdout.write("\r" + settings.print_warning_msg(warn_msg))
                      false_positive_warning = False
                    try:
                      # Tab compliter
                      if not readline_error:
                        readline.set_completer(menu.tab_completer)
                        # MacOSX tab compliter
                        if getattr(readline, '__doc__', '') is not None and 'libedit' in getattr(readline, '__doc__', ''):
                          readline.parse_and_bind("bind ^I rl_complete")
                        # Unix tab compliter
                        else:
                          readline.parse_and_bind("tab: complete")
                      cmd = raw_input("""commix(""" + Style.BRIGHT + Fore.RED + """os_shell""" + Style.RESET_ALL + """) > """)
                      cmd = checks.escaped_cmd(cmd)
                      if cmd.lower() in settings.SHELL_OPTIONS:
                        go_back, go_back_again = shell_options.check_option(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, technique, go_back, no_result, timesec, go_back_again)
                        if go_back and go_back_again == False:
                          break
                        if go_back and go_back_again:
                          return True 
                      else:
                        print ""
                        if menu.options.ignore_session or \
                           session_handler.export_stored_cmd(url, cmd, vuln_parameter) == None:
                          # The main command injection exploitation.
                          check_how_long, output = tb_injector.injection(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timesec, http_request_method, url, vuln_parameter, alter_shell, filename, url_time_response)
                          # Export injection result
                          tb_injector.export_injection_results(cmd, separator, output, check_how_long)
                          if not menu.options.ignore_session :
                            session_handler.store_cmd(url, cmd, output, vuln_parameter)
                        else:
                          output = session_handler.export_stored_cmd(url, cmd, vuln_parameter)
                          print Fore.GREEN + Style.BRIGHT + output + Style.RESET_ALL
                        # Update logs with executed cmds and execution results.
                        logs.executed_command(filename, cmd, output)
                        print ""
                    except KeyboardInterrupt: 
                      raise

                    except SystemExit: 
                      raise
                      
                elif gotshell in settings.CHOICE_NO:
                  if checks.next_attack_vector(technique, go_back) == True:
                    break
                  else:
                    if no_result == True:
                      return False 
                    else:
                      return True  
                      
                elif gotshell in settings.CHOICE_QUIT:
                  sys.exit(0)

                else:
                  err_msg = "'" + gotshell + "' is not a valid answer."
                  print settings.print_error_msg(err_msg)
                  pass
                break
            
    
  if no_result == True:
    print ""
    return False

  else :
    sys.stdout.write("\r")
    sys.stdout.flush()
Пример #34
0
def console():
    # Configuring the commpleter
    comp = Completer(['load', 'set', 'show', 'run', 'back', 'quit', 'help'])
    readline.set_completer_delims(' \t\n;')
    readline.parse_and_bind("tab: complete")
    readline.set_completer(comp.complete)
    brush = Brush()

    print(banners.get_banner())
    brush.color(' [+]', 'YELLOW')
    print ' Starting the console...'
    brush.color(' [*]', 'GREEN')
    print ' Console ready!\n\n'

    session = None

    while True:
        if session is None:
            user_input = raw_input(
                colored('uac-a-mola> ', 'yellow', attrs=['bold'])).split()
        else:
            user_input = raw_input(
                "uac-a-mola[" +
                colored(session.header(), 'yellow', attrs=['bold']) +
                "]> ").split()

        if user_input == []:
            continue

        elif user_input[0] in CLEAR_COMMANDS:
            os.system('cls')

        elif user_input[0] == 'back':
            session = None

        elif user_input[0] in END_COMMANDS:
            os._exit(-1)

        elif user_input[0] == 'load':
            if (len(user_input) == 1):
                brush.color('[!] Please, load a module\n', 'RED')
                continue
            session = Session(user_input[1])
            brush = Brush()

            # The module is incorrect
            if not (session.correct_module()):
                session = None

        elif user_input[0] == 'show':
            if session is None:
                brush.color('[!] Please, load a module\n', 'RED')
                continue
            session.show()

        elif user_input[0] == 'set':
            if session is None:
                brush.color('[!] Please, load a module\n', 'RED')
                continue
            elif len(user_input) != 3:
                brush.color('[!] Wrong number of arguments for set\n', 'RED')
                continue
            else:
                session.set(user_input[1], user_input[2])

        elif user_input[0] == 'run':
            if session is None:
                brush.color('[!] Please, load a module\n', 'RED')
                continue
            session.run()
Пример #35
0
    def clear(cls):
        cls.__VOCABULARY = ()
        readline.set_completer()

        readline.clear_history()
Пример #36
0
        """
        import re

        # Another option, seems to work great. Catches things like ''.<tab>
        m = re.match(r"(\S+(\.\w+)*)\.(\w*)$", text)

        if not m:
            return []
        expr, attr = m.group(1, 3)
        object = eval(expr, self.namespace)
        words = [w for w in dir(object) if isinstance(w, basestring)]
        if hasattr(object,'__class__'):
            words.append('__class__')
            words.extend(get_class_members(object.__class__))
        n = len(attr)
        matches = []
        for word in words:
            if word[:n] == attr and word != "__builtins__":
                matches.append("%s.%s" % (expr, word))
        return matches

def get_class_members(klass):
    ret = dir(klass)
    if hasattr(klass,'__bases__'):
        for base in klass.__bases__:
            ret.extend(get_class_members(base))
    return ret

readline.set_completer(Completer().complete)
Пример #37
0
def cb_injection_handler(url, timesec, filename, http_request_method):

    counter = 1
    vp_flag = True
    no_result = True
    is_encoded = False
    export_injection_info = False
    injection_type = "results-based OS command injection"
    technique = "classic command injection technique"

    if not settings.LOAD_SESSION:
        info_msg = "Testing the " + "(" + injection_type.split(
            " ")[0] + ") " + technique + "... "
        sys.stdout.write(settings.print_info_msg(info_msg))
        sys.stdout.flush()
        if settings.VERBOSITY_LEVEL >= 1:
            print ""

    i = 0
    # Calculate all possible combinations
    total = len(settings.WHITESPACE) * len(settings.PREFIXES) * len(
        settings.SEPARATORS) * len(settings.SUFFIXES)
    for whitespace in settings.WHITESPACE:
        for prefix in settings.PREFIXES:
            for suffix in settings.SUFFIXES:
                for separator in settings.SEPARATORS:
                    if whitespace == " ":
                        whitespace = urllib.quote(whitespace)
                    # Check injection state
                    settings.DETECTION_PHASE = True
                    settings.EXPLOITATION_PHASE = False
                    # If a previous session is available.
                    if settings.LOAD_SESSION and session_handler.notification(
                            url, technique, injection_type):
                        try:
                            url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(
                                url, http_request_method)
                            checks.check_for_stored_tamper(payload)
                        except TypeError:
                            err_msg = "An error occurred while accessing session file ('"
                            err_msg += settings.SESSION_FILE + "'). "
                            err_msg += "Use the '--flush-session' option."
                            print settings.print_critical_msg(err_msg)
                            sys.exit(0)

                    else:
                        i = i + 1
                        # Check for bad combination of prefix and separator
                        combination = prefix + separator
                        if combination in settings.JUNK_COMBINATION:
                            prefix = ""

                        # Change TAG on every request to prevent false-positive results.
                        TAG = ''.join(
                            random.choice(string.ascii_uppercase)
                            for i in range(6))

                        randv1 = random.randrange(100)
                        randv2 = random.randrange(100)
                        randvcalc = randv1 + randv2

                        # Define alter shell
                        alter_shell = menu.options.alter_shell

                        try:
                            if alter_shell:
                                # Classic -alter shell- decision payload (check if host is vulnerable).
                                payload = cb_payloads.decision_alter_shell(
                                    separator, TAG, randv1, randv2)
                            else:
                                # Classic decision payload (check if host is vulnerable).
                                payload = cb_payloads.decision(
                                    separator, TAG, randv1, randv2)

                            # Define prefixes & suffixes
                            payload = parameters.prefixes(payload, prefix)
                            payload = parameters.suffixes(payload, suffix)

                            # Whitespace fixation
                            payload = re.sub(" ", whitespace, payload)

                            # Check for base64 / hex encoding
                            payload = checks.perform_payload_encoding(payload)

                            # Check if defined "--verbose" option.
                            if settings.VERBOSITY_LEVEL == 1:
                                print settings.print_payload(payload)
                            elif settings.VERBOSITY_LEVEL > 1:
                                info_msg = "Generating a payload for injection..."
                                print settings.print_info_msg(info_msg)
                                print settings.print_payload(payload)

                            # Cookie Injection
                            if settings.COOKIE_INJECTION == True:
                                # Check if target host is vulnerable to cookie injection.
                                vuln_parameter = parameters.specify_cookie_parameter(
                                    menu.options.cookie)
                                response = cb_injector.cookie_injection_test(
                                    url, vuln_parameter, payload)

                            # User-Agent Injection
                            elif settings.USER_AGENT_INJECTION == True:
                                # Check if target host is vulnerable to user-agent injection.
                                vuln_parameter = parameters.specify_user_agent_parameter(
                                    menu.options.agent)
                                response = cb_injector.user_agent_injection_test(
                                    url, vuln_parameter, payload)

                            # Referer Injection
                            elif settings.REFERER_INJECTION == True:
                                # Check if target host is vulnerable to referer injection.
                                vuln_parameter = parameters.specify_referer_parameter(
                                    menu.options.referer)
                                response = cb_injector.referer_injection_test(
                                    url, vuln_parameter, payload)

                            # Custom HTTP header Injection
                            elif settings.CUSTOM_HEADER_INJECTION == True:
                                # Check if target host is vulnerable to custom http header injection.
                                vuln_parameter = parameters.specify_custom_header_parameter(
                                    settings.INJECT_TAG)
                                response = cb_injector.custom_header_injection_test(
                                    url, vuln_parameter, payload)

                            else:
                                # Check if target host is vulnerable.
                                response, vuln_parameter = cb_injector.injection_test(
                                    payload, http_request_method, url)

                            # Try target page reload (if it is required).
                            if settings.URL_RELOAD:
                                response = requests.url_reload(url, timesec)

                            # Evaluate test results.
                            time.sleep(timesec)
                            shell = cb_injector.injection_test_results(
                                response, TAG, randvcalc)

                            if not settings.VERBOSITY_LEVEL >= 1:
                                percent = ((i * 100) / total)
                                float_percent = "{0:.1f}".format(
                                    round(((i * 100) / (total * 1.0)), 2))

                                if shell == False:
                                    info_msg = "Testing the " + "(" + injection_type.split(
                                        " "
                                    )[0] + ") " + technique + "... " + "[ " + float_percent + "%" + " ]"
                                    sys.stdout.write(
                                        "\r" +
                                        settings.print_info_msg(info_msg))
                                    sys.stdout.flush()

                                if float(float_percent) >= 99.9:
                                    if no_result == True:
                                        percent = Fore.RED + "FAILED" + Style.RESET_ALL
                                    else:
                                        percent = str(float_percent) + "%"
                                elif len(shell) != 0:
                                    percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
                                else:
                                    percent = str(float_percent) + "%"
                                info_msg = "Testing the " + "(" + injection_type.split(
                                    " "
                                )[0] + ") " + technique + "... " + "[ " + percent + " ]"
                                sys.stdout.write(
                                    "\r" + settings.print_info_msg(info_msg))
                                sys.stdout.flush()

                        except KeyboardInterrupt:
                            raise

                        except SystemExit:
                            raise

                        except:
                            continue

                    # Yaw, got shellz!
                    # Do some magic tricks!
                    if shell:
                        found = True
                        no_result = False
                        # Check injection state
                        settings.DETECTION_PHASE = False
                        settings.EXPLOITATION_PHASE = True
                        if settings.COOKIE_INJECTION == True:
                            header_name = " cookie"
                            found_vuln_parameter = vuln_parameter
                            the_type = " parameter"

                        elif settings.USER_AGENT_INJECTION == True:
                            header_name = " User-Agent"
                            found_vuln_parameter = ""
                            the_type = " HTTP header"

                        elif settings.REFERER_INJECTION == True:
                            header_name = " Referer"
                            found_vuln_parameter = ""
                            the_type = " HTTP header"

                        elif settings.CUSTOM_HEADER_INJECTION == True:
                            header_name = " " + settings.CUSTOM_HEADER_NAME
                            found_vuln_parameter = ""
                            the_type = " HTTP header"

                        else:
                            header_name = ""
                            the_type = " parameter"
                            if http_request_method == "GET":
                                found_vuln_parameter = parameters.vuln_GET_param(
                                    url)
                            else:
                                found_vuln_parameter = vuln_parameter

                        if len(found_vuln_parameter) != 0:
                            found_vuln_parameter = " '" + found_vuln_parameter + Style.RESET_ALL + Style.BRIGHT + "'"

                        # Print the findings to log file.
                        if export_injection_info == False:
                            export_injection_info = logs.add_type_and_technique(
                                export_injection_info, filename,
                                injection_type, technique)
                        if vp_flag == True:
                            vp_flag = logs.add_parameter(
                                vp_flag, filename, the_type, header_name,
                                http_request_method, vuln_parameter, payload)
                        logs.update_payload(filename, counter, payload)
                        counter = counter + 1

                        if not settings.VERBOSITY_LEVEL >= 1 and not settings.LOAD_SESSION:
                            print ""

                        # Print the findings to terminal.
                        success_msg = "The"
                        if found_vuln_parameter == " ":
                            success_msg += http_request_method + ""
                        success_msg += the_type + header_name
                        success_msg += found_vuln_parameter + " seems injectable via "
                        success_msg += "(" + injection_type.split(
                            " ")[0] + ") " + technique + "."
                        print settings.print_success_msg(success_msg)
                        print settings.SUB_CONTENT_SIGN + "Payload: " + re.sub(
                            "%20", " ", re.sub("%2B", "+",
                                               payload)) + Style.RESET_ALL
                        # Export session
                        if not settings.LOAD_SESSION:
                            session_handler.injection_point_importation(
                                url,
                                technique,
                                injection_type,
                                separator,
                                shell[0],
                                vuln_parameter,
                                prefix,
                                suffix,
                                TAG,
                                alter_shell,
                                payload,
                                http_request_method,
                                url_time_response=0,
                                timesec=0,
                                how_long=0,
                                output_length=0,
                                is_vulnerable=menu.options.level)
                        else:
                            whitespace = settings.WHITESPACE[0]
                            settings.LOAD_SESSION = False

                        # Check for any enumeration options.
                        new_line = True
                        if settings.ENUMERATION_DONE == True:
                            while True:
                                if not menu.options.batch:
                                    question_msg = "Do you want to enumerate again? [Y/n] > "
                                    enumerate_again = raw_input(
                                        "\n" + settings.print_question_msg(
                                            question_msg)).lower()
                                else:
                                    enumerate_again = ""
                                if len(enumerate_again) == 0:
                                    enumerate_again = "y"
                                if enumerate_again in settings.CHOICE_YES:
                                    cb_enumeration.do_check(
                                        separator, TAG, prefix, suffix,
                                        whitespace, http_request_method, url,
                                        vuln_parameter, alter_shell, filename,
                                        timesec)
                                    #print ""
                                    break
                                elif enumerate_again in settings.CHOICE_NO:
                                    new_line = False
                                    break
                                elif enumerate_again in settings.CHOICE_QUIT:
                                    sys.exit(0)
                                else:
                                    err_msg = "'" + enumerate_again + "' is not a valid answer."
                                    print settings.print_error_msg(err_msg)
                                    pass
                        else:
                            if menu.enumeration_options():
                                cb_enumeration.do_check(
                                    separator, TAG, prefix, suffix, whitespace,
                                    http_request_method, url, vuln_parameter,
                                    alter_shell, filename, timesec)

                        if not menu.file_access_options(
                        ) and not menu.options.os_cmd and new_line:
                            print ""

                        # Check for any system file access options.
                        if settings.FILE_ACCESS_DONE == True:
                            if settings.ENUMERATION_DONE != True:
                                print ""
                            while True:
                                if not menu.options.batch:
                                    question_msg = "Do you want to access files again? [Y/n] > "
                                    sys.stdout.write(
                                        settings.print_question_msg(
                                            question_msg))
                                    file_access_again = sys.stdin.readline(
                                    ).replace("\n", "").lower()
                                else:
                                    file_access_again = ""
                                if len(file_access_again) == 0:
                                    file_access_again = "y"
                                if file_access_again in settings.CHOICE_YES:
                                    cb_file_access.do_check(
                                        separator, TAG, prefix, suffix,
                                        whitespace, http_request_method, url,
                                        vuln_parameter, alter_shell, filename,
                                        timesec)
                                    print ""
                                    break
                                elif file_access_again in settings.CHOICE_NO:
                                    break
                                elif file_access_again in settings.CHOICE_QUIT:
                                    sys.exit(0)
                                else:
                                    err_msg = "'" + file_access_again + "' is not a valid answer."
                                    print settings.print_error_msg(err_msg)
                                    pass
                        else:
                            if menu.file_access_options():
                                if not menu.enumeration_options():
                                    print ""
                                cb_file_access.do_check(
                                    separator, TAG, prefix, suffix, whitespace,
                                    http_request_method, url, vuln_parameter,
                                    alter_shell, filename, timesec)
                                print ""

                        # Check if defined single cmd.
                        if menu.options.os_cmd:
                            if not menu.file_access_options():
                                print ""
                            cb_enumeration.single_os_cmd_exec(
                                separator, TAG, prefix, suffix, whitespace,
                                http_request_method, url, vuln_parameter,
                                alter_shell, filename, timesec)

                        # Pseudo-Terminal shell
                        go_back = False
                        go_back_again = False
                        while True:
                            if go_back == True:
                                break
                            # if settings.ENUMERATION_DONE == False and settings.FILE_ACCESS_DONE == False:
                            #   if settings.VERBOSITY_LEVEL >= 1:
                            #     print ""
                            if not menu.options.batch:
                                question_msg = "Do you want a Pseudo-Terminal shell? [Y/n] > "
                                sys.stdout.write(
                                    settings.print_question_msg(question_msg))
                                gotshell = sys.stdin.readline().replace(
                                    "\n", "").lower()
                            else:
                                gotshell = ""
                            if len(gotshell) == 0:
                                gotshell = "y"
                            if gotshell in settings.CHOICE_YES:
                                if not menu.options.batch:
                                    print ""
                                print "Pseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)"
                                if readline_error:
                                    checks.no_readline_module()
                                while True:
                                    try:
                                        if not readline_error:
                                            # Tab compliter
                                            readline.set_completer(
                                                menu.tab_completer)
                                            # MacOSX tab compliter
                                            if getattr(
                                                    readline, '__doc__', ''
                                            ) is not None and 'libedit' in getattr(
                                                    readline, '__doc__', ''):
                                                readline.parse_and_bind(
                                                    "bind ^I rl_complete")
                                            # Unix tab compliter
                                            else:
                                                readline.parse_and_bind(
                                                    "tab: complete")
                                        cmd = raw_input("""commix(""" +
                                                        Style.BRIGHT +
                                                        Fore.RED +
                                                        """os_shell""" +
                                                        Style.RESET_ALL +
                                                        """) > """)
                                        cmd = checks.escaped_cmd(cmd)
                                        if cmd.lower(
                                        ) in settings.SHELL_OPTIONS:
                                            go_back, go_back_again = shell_options.check_option(
                                                separator, TAG, cmd, prefix,
                                                suffix, whitespace,
                                                http_request_method, url,
                                                vuln_parameter, alter_shell,
                                                filename, technique, go_back,
                                                no_result, timesec,
                                                go_back_again)
                                            if go_back and go_back_again == False:
                                                break
                                            if go_back and go_back_again:
                                                return True
                                        else:
                                            # Command execution results.
                                            time.sleep(timesec)
                                            response = cb_injector.injection(
                                                separator, TAG, cmd, prefix,
                                                suffix, whitespace,
                                                http_request_method, url,
                                                vuln_parameter, alter_shell,
                                                filename)
                                            # Try target page reload (if it is required).
                                            if settings.URL_RELOAD:
                                                response = requests.url_reload(
                                                    url, timesec)
                                            if menu.options.ignore_session or \
                                               session_handler.export_stored_cmd(url, cmd, vuln_parameter) == None:
                                                # Evaluate injection results.
                                                try:
                                                    shell = cb_injector.injection_results(
                                                        response, TAG, cmd)
                                                    shell = "".join(
                                                        str(p) for p in shell)
                                                except:
                                                    print ""
                                                    continue
                                                if not menu.options.ignore_session:
                                                    session_handler.store_cmd(
                                                        url, cmd, shell,
                                                        vuln_parameter)
                                            else:
                                                shell = session_handler.export_stored_cmd(
                                                    url, cmd, vuln_parameter)
                                            if shell:
                                                html_parser = HTMLParser.HTMLParser(
                                                )
                                                shell = html_parser.unescape(
                                                    shell)
                                                # Update logs with executed cmds and execution results.
                                                logs.executed_command(
                                                    filename, cmd, shell)
                                            if shell != "":
                                                if settings.VERBOSITY_LEVEL == 1:
                                                    print ""
                                                print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
                                            else:
                                                if settings.VERBOSITY_LEVEL >= 1:
                                                    print ""
                                                err_msg = "The '" + cmd + "' command, does not return any output."
                                                print settings.print_critical_msg(
                                                    err_msg) + "\n"

                                    except KeyboardInterrupt:
                                        raise

                                    except SystemExit:
                                        raise

                            elif gotshell in settings.CHOICE_NO:
                                if checks.next_attack_vector(
                                        technique, go_back) == True:
                                    break
                                else:
                                    if no_result == True:
                                        return False
                                    else:
                                        return True

                            elif gotshell in settings.CHOICE_QUIT:
                                sys.exit(0)

                            else:
                                err_msg = "'" + gotshell + "' is not a valid answer."
                                print settings.print_error_msg(err_msg)
                                pass

    if no_result == True:
        print ""
        return False
    else:
        sys.stdout.write("\r")
        sys.stdout.flush()
Пример #38
0
def main(instance, config, profile):
    configpath = os.path.expanduser(config)
    if os.path.isfile(configpath) and not os.access(configpath, os.W_OK):
        # warn the user before they're asked for input
        cprint(
            "Config file does not appear to be writable: {}".format(
                configpath), fg('red'))

    config = parse_config(configpath)

    # make sure profile name is legal
    profile = re.sub(r'\s+', '', profile)  # disallow whitespace
    profile = profile.lower()  # force to lowercase
    if profile == '' or profile in RESERVED:
        cprint("Invalid profile name: {}".format(profile), fg('red'))
        sys.exit(1)

    if not config.has_section(profile):
        config.add_section(profile)

    instance, client_id, client_secret, token = \
                            get_or_input_profile(config, profile, instance)

    if not token:
        cprint("Could not log you in.  Please try again later.", fg('red'))
        sys.exit(1)

    mastodon = Mastodon(client_id=client_id,
                        client_secret=client_secret,
                        access_token=token,
                        api_base_url="https://" + instance)

    # update config before writing
    if "token" not in config[profile]:
        config[profile] = {
            'instance': instance,
            'client_id': client_id,
            'client_secret': client_secret,
            'token': token
        }

    save_config(configpath, config)

    say_error = lambda a, b: cprint(
        "Invalid command. Use 'help' for a list of commands.",
        fg('white') + bg('red'))

    print("You are connected to ", end="")
    cprint(instance, fg('green') + attr('bold'))
    print("Enter a command. Use 'help' for a list of commands.")
    print("\n")

    user = mastodon.account_verify_credentials()
    prompt = "[@{} ({})]: ".format(str(user['username']), profile)

    # Completion setup stuff
    for i in mastodon.account_following(user['id'], limit=80):
        bisect.insort(completion_list, '@' + i['acct'])
    readline.set_completer(complete)
    readline.parse_and_bind("tab: complete")
    readline.set_completer_delims(' ')

    while True:
        command = input(prompt).split(' ', 1)
        rest = ""
        try:
            rest = command[1]
        except IndexError:
            pass
        command = command[0]
        cmd_func = commands.get(command, say_error)
        cmd_func(mastodon, rest)
Пример #39
0
                    matches.append(match)
            if matches or not noprefix:
                break
            if noprefix == '_':
                noprefix = '__'
            else:
                noprefix = None
        matches.sort()
        return matches


def get_class_members(klass):
    ret = dir(klass)
    if hasattr(klass, '__bases__'):
        for base in klass.__bases__:
            ret = ret + get_class_members(base)
    return ret


try:
    import readline
except ImportError:
    _readline_available = False
else:
    readline.set_completer(Completer().complete)
    # Release references early at shutdown (the readline module's
    # contents are quasi-immortal, and the completer function holds a
    # reference to globals).
    atexit.register(lambda: readline.set_completer(None))
    _readline_available = True
Пример #40
0
                        # IPython; thanks Michael Toomim
                        if '__builtins__' in _env:
                            del _env['__builtins__']
                        shell = IPython.Shell.IPShell(argv=[], user_ns=_env)
                        shell.mainloop()
                        return
                except:
                    logger.warning(
                        'import IPython error; use default python shell')
        try:
            import readline
            import rlcompleter
        except ImportError:
            pass
        else:
            readline.set_completer(rlcompleter.Completer(_env).complete)
            readline.parse_and_bind('tab:complete')
        code.interact(local=_env)


def parse_path_info(path_info):
    """
    Parse path info formatted like a/c/f where c and f are optional
    and a leading / accepted.
    Return tuple (a, c, f). If invalid path_info a is set to None.
    If c or f are omitted they are set to None.
    """

    mo = re.match(r'^/?(?P<a>\w+)(/(?P<c>\w+)(/(?P<f>\w+))?)?$',
                  path_info)
    if mo:
Пример #41
0
class Command(NoArgsCommand):
    option_list = NoArgsCommand.option_list + (
        make_option('--ipython',
                    action='store_true',
                    dest='ipython',
                    help='Tells Django to use IPython, not BPython.'),
        make_option(
            '--plain',
            action='store_true',
            dest='plain',
            help='Tells Django to use plain Python, not BPython nor IPython.'),
        make_option('--no-pythonrc',
                    action='store_true',
                    dest='no_pythonrc',
                    help='Tells Django to use plain Python, not IPython.'),
        make_option('--print-sql',
                    action='store_true',
                    default=False,
                    help="Print SQL queries as they're executed"),
    )
    help = "Like the 'shell' command but autoloads the models of all installed Django apps."

    requires_model_validation = True

    def handle_noargs(self, **options):
        # XXX: (Temporary) workaround for ticket #1796: force early loading of all
        # models from installed apps. (this is fixed by now, but leaving it here
        # for people using 0.96 or older trunk (pre [5919]) versions.
        from django.db.models.loading import get_models, get_apps
        loaded_models = get_models()

        use_ipython = options.get('ipython', False)
        use_plain = options.get('plain', False)
        use_pythonrc = not options.get('no_pythonrc', True)

        if options.get("print_sql", False):
            # Code from http://gist.github.com/118990
            from django.db.backends import util
            try:
                import sqlparse
            except ImportError:
                sqlparse = None

            class PrintQueryWrapper(util.CursorDebugWrapper):
                def execute(self, sql, params=()):
                    try:
                        return self.cursor.execute(sql, params)
                    finally:
                        raw_sql = self.db.ops.last_executed_query(
                            self.cursor, sql, params)
                        if sqlparse:
                            print sqlparse.format(raw_sql, reindent=True)
                        else:
                            print raw_sql
                        print

            util.CursorDebugWrapper = PrintQueryWrapper

        # Set up a dictionary to serve as the environment for the shell, so
        # that tab completion works on objects that are imported at runtime.
        # See ticket 5082.
        from django.conf import settings
        imported_objects = {'settings': settings}
        for app_mod in get_apps():
            app_models = get_models(app_mod)
            if not app_models:
                continue
            model_labels = ", ".join([model.__name__ for model in app_models])
            print self.style.SQL_COLTYPE(
                "From '%s' autoload: %s" %
                (app_mod.__name__.split('.')[-2], model_labels))
            for model in app_models:
                try:
                    imported_objects[model.__name__] = getattr(
                        __import__(app_mod.__name__, {}, {}, model.__name__),
                        model.__name__)
                except AttributeError, e:
                    print self.style.ERROR(
                        "Failed to import '%s' from '%s' reason: %s" %
                        (model.__name__, app_mod.__name__.split('.')[-2],
                         str(e)))
                    continue
        try:
            if use_plain:
                # Don't bother loading B/IPython, because the user wants plain Python.
                raise ImportError
            try:
                if use_ipython:
                    # User wants IPython
                    raise ImportError
                from bpython import embed
                embed(imported_objects)
            except ImportError:
                # Explicitly pass an empty list as arguments, because otherwise IPython
                # would use sys.argv from this script.
                """
                try:
                    from IPython.core.iplib import InteractiveShell
                    shell = InteractiveShell(user_ns=imported_objects)
                except ImportError:
                    import IPython
                    shell = IPython.Shell.IPShell(argv=[], user_ns=imported_objects)
                """
                try:
                    from IPython.core.iplib import InteractiveShell
                    shell = InteractiveShell(user_ns=imported_objects)
                except ImportError:
                    shell = IPython.Shell.IPShell(argv=[],
                                                  user_ns=imported_objects)
                shell.mainloop()

        except ImportError:
            # Using normal Python shell
            import code
            try:
                # Try activating rlcompleter, because it's handy.
                import readline
            except ImportError:
                pass
            else:
                # We don't have to wrap the following import in a 'try', because
                # we already know 'readline' was imported successfully.
                import rlcompleter
                readline.set_completer(
                    rlcompleter.Completer(imported_objects).complete)
                readline.parse_and_bind("tab:complete")

            # We want to honor both $PYTHONSTARTUP and .pythonrc.py, so follow system
            # conventions and get $PYTHONSTARTUP first then import user.
            if use_pythonrc:
                pythonrc = os.environ.get("PYTHONSTARTUP")
                if pythonrc and os.path.isfile(pythonrc):
                    try:
                        execfile(pythonrc)
                    except NameError:
                        pass
                # This will import .pythonrc.py as a side-effect
                import user
            code.interact(local=imported_objects)
Пример #42
0
_logger = logging.getLogger(__name__)

PROP_INIT_FILE = "pelix.shell.console.init_file"
""" Shell script to execute before starting the console """

PROP_RUN_FILE = "pelix.shell.console.script_file"
""" Script to run as shell input """

# ------------------------------------------------------------------------------

try:
    # Set up readline if available
    import readline

    readline.parse_and_bind("tab: complete")
    readline.set_completer(None)
except ImportError:
    # Readline is missing, not critical
    readline = None

# ------------------------------------------------------------------------------


class InteractiveShell(object):
    """
    The interactive shell handler
    """

    def __init__(self, context):
        """
        Sets up the members
Пример #43
0
                img_file = os.path.join(url, '', img)
                _colorize_one_img(img_file)
        else:
            _colorize_one_img(url)


# The working dir of the command which invokes this script.

CMD_CWD = get_cmd_cwd()


# Setup input path completion

readline.set_completer_delims('\t')
readline.parse_and_bind("tab: complete")
readline.set_completer(_tab_complete_path)

# Scoring

if len(args.path) == 0:
    try:
        url = input("Path or URL of images to colorize (Quit by Ctrl-d):\n(You could try images in '~/.mlhub/colorize/images/')\n> ")
    except EOFError:
        print()
        sys.exit(0)

    while url != '':
        _colorize(url)

        try:
            url = input('\nPath or URL of images to colorize (Quit by Ctrl-d):\n> ')
Пример #44
0
def run_cmdshell(shell, session):
    import copy

    exec_cmd_name = 'implant/manage/exec_cmd'
    download_file_name = 'implant/util/download_file'
    upload_file_name = 'implant/util/upload_file'
    # this won't work, Error: "can't pickle module objects"
    #plugin = copy.deepcopy(shell.plugins['implant/manage/exec_cmd'])
    plugin = shell.plugins[exec_cmd_name]
    download_file_plugin = shell.plugins[download_file_name]
    upload_file_plugin = shell.plugins[upload_file_name]

    # copy (hacky shit)
    old_prompt = shell.prompt
    old_clean_prompt = shell.clean_prompt
    old_state = shell.state

    old_zombie = plugin.options.get("ZOMBIE")
    old_cmd = plugin.options.get("CMD")

    id = str(session.id)
    ip = session.ip

    emucwd = session.realcwd

    while True:
        shell.state = exec_cmd_name
        shell.prompt = get_prompt(shell, id, ip, emucwd, True)
        shell.clean_prompt = get_prompt(shell, id, ip, emucwd, False)
        plugin.options.set("ZOMBIE", id)

        try:
            import readline
            readline.set_completer(None)
            cmd = shell.get_command(shell.prompt)

            if len(cmd) > 0:
                if cmd.lower() in ['exit', 'quit']:
                    return
                elif cmd.split()[0].lower() == 'download' and len(
                        cmd.split()) > 1:
                    old_download_zombie = download_file_plugin.options.get(
                        "ZOMBIE")
                    old_download_rfile = download_file_plugin.options.get(
                        "RFILE")
                    download_file_plugin.options.set("ZOMBIE", id)
                    rfile = emucwd
                    if rfile[-1] != "\\":
                        rfile += "\\"
                    rfile += " ".join(cmd.split(" ")[1:])
                    download_file_plugin.options.set("RFILE", rfile)
                    download_file_plugin.run()
                    download_file_plugin.options.set("ZOMBIE",
                                                     old_download_zombie)
                    download_file_plugin.options.set("RFILE",
                                                     old_download_rfile)
                    continue
                elif cmd.split()[0].lower() == 'upload' and len(
                        cmd.split()) > 1:
                    old_upload_zombie = upload_file_plugin.options.get(
                        "ZOMBIE")
                    old_upload_lfile = upload_file_plugin.options.get("LFILE")
                    old_upload_dir = upload_file_plugin.options.get(
                        "DIRECTORY")
                    upload_file_plugin.options.set("ZOMBIE", id)
                    lfile = cmd.split()[1]
                    upload_file_plugin.options.set("LFILE", lfile)
                    upload_file_plugin.options.set("DIRECTORY", emucwd)
                    upload_file_plugin.run()
                    upload_file_plugin.options.set("ZOMBIE", old_upload_zombie)
                    upload_file_plugin.options.set("LFILE", old_upload_lfile)
                    upload_file_plugin.options.set("DIRECTORY", old_upload_dir)
                    continue
                elif cmd.split()[0].lower() == 'cd' and len(cmd.split()) > 1:
                    dest = " ".join(cmd.split(" ")[1:])
                    if ":" not in dest and ".." not in dest:
                        if emucwd[-1] != "\\":
                            emucwd += "\\"
                        emucwd += dest
                    elif ".." in dest:
                        for d in dest.split("\\"):
                            if ".." in d:
                                emucwd = "\\".join(emucwd.split("\\")[:-1])
                            else:
                                if emucwd[-1] != "\\":
                                    emucwd += "\\"
                                emucwd += d
                        if len(emucwd.split("\\")) == 1:
                            emucwd += "\\"

                    else:
                        emucwd = dest

                    if dest[0] == "%" and dest[-1] == "%":
                        plugin.options.set("CMD", "echo %s" % dest)
                        plugin.run()
                        j = plugin.ret_jobs[0]
                        for job in session.jobs:
                            if job.id == j:
                                while True:
                                    if job.results:
                                        varpath = job.results
                                        break
                        emucwd = varpath.split()[0]

                    cmd = "cd " + emucwd + " & cd"
                else:
                    if emucwd:
                        cmd = "cd " + emucwd + " & " + cmd

                plugin.options.set("CMD", cmd)
                plugin.run()
        except KeyboardInterrupt:
            shell.print_plain(shell.clean_prompt)
            return
        except EOFError:
            shell.print_plain(shell.clean_prompt)
            return
        finally:
            plugin.options.set("ZOMBIE", old_zombie)
            plugin.options.set("cmd", old_cmd)

            shell.prompt = old_prompt
            shell.clean_prompt = old_clean_prompt
            shell.state = old_state
Пример #45
0
    def menu(self):
        """
        Main interactive menu for shellcode selection.

        Utilizes Completer() to do tab completion on
        loaded metasploit payloads.
        """
        selected_payload = None
        options = None
        showMessage = False
        if settings.TERMINAL_CLEAR != "false":
            showMessage = True

        # if no generation method has been selected yet
        if self.msfvenomCommand == '' and self.custom_shellcode == '':

            # show banner?
            if settings.TERMINAL_CLEAR != "false":
                showMessage = True

            # prompt for custom shellcode or msfvenom
            custom_shellcode = self.payload_selection_menu(showMessage)

            # if custom shellcode is specified, set it
            if custom_shellcode == "ordnance":
                # Start figuring out Ordnance stuff here
                self.invoke_ordnance = True

            elif custom_shellcode:
                self.custom_shellcode = custom_shellcode

            # else, if no custom shellcode is specified, prompt for metasploit
            else:

                # instantiate our completer object for tab completion of available payloads
                comp = completer.MSFCompleter(self.payload_tree)

                # we want to treat '/' as part of a word, so override the delimiters
                readline.set_completer_delims(' \t\n;')
                readline.parse_and_bind("tab: complete")
                readline.set_completer(comp.complete)

                # have the user select the payload
                while selected_payload is None:

                    print(
                        '\n [*] Press %s for windows/meterpreter/reverse_tcp' %
                        helpers.color('[enter]', yellow=True))
                    print(' [*] Press %s to list available payloads' %
                          helpers.color('[tab]', yellow=True))

                    try:
                        selected_payload = self.required_options[
                            'MSF_PAYLOAD'][0]
                        print(' [>] Please enter metasploit payload: %s' %
                              (selected_payload))
                    except:
                        selected_payload = input(
                            ' [>] Please enter metasploit payload: ').strip(
                            ).lower()

                    if selected_payload == '':
                        # default to reverse_tcp for the payload
                        selected_payload = "windows/meterpreter/reverse_tcp"
                    try:
                        parts = selected_payload.split("/")
                        # walk down the selected parts of the payload tree to get to the options at the bottom
                        options = self.payload_tree
                        for part in parts:
                            options = options[part]

                    except KeyError:
                        # make sure user entered a valid payload
                        if 'PAYLOAD' in self.required_options:
                            del self.required_options['PAYLOAD']
                        print(
                            helpers.color(
                                " [!] ERROR: Invalid payload specified!\n",
                                warning=True))
                        selected_payload = None

                # remove the tab completer
                readline.set_completer(None)

                # set the internal payload to the one selected
                self.msfvenompayload = selected_payload

                # request a value for each required option
                for option in options:
                    value = ""
                    while value == '':

                        ### VALIDATION ###
                        # LHOST is a special case, so we can tab complete the local IP
                        if option == "LHOST":

                            try:
                                value = self.required_options['LHOST'][0]
                                print(
                                    ' [>] Enter value for \'LHOST\', [tab] for local IP: %s'
                                    % (value))
                            except:
                                # set the completer to fill in the local IP
                                readline.set_completer(
                                    completer.IPCompleter().complete)
                                value = input(
                                    ' [>] Enter value for \'LHOST\', [tab] for local IP: '
                                ).strip()

                            if '.' in value:

                                hostParts = value.split(".")
                                if len(hostParts) > 1:

                                    # if the last chunk is a number, assume it's an IP address
                                    if hostParts[-1].isdigit():

                                        # do a IP validation check
                                        if not helpers.validate_ip(value):
                                            if 'LHOST' in self.required_options:
                                                self.required_options['LHOST'][
                                                    0] = ""
                                            print(
                                                helpers.color(
                                                    "\n [!] ERROR: Bad IP address specified.\n",
                                                    warning=True))
                                            value = ""

                                    # otherwise assume we've been passed a domain name
                                    else:
                                        if not helpers.validate_hostname(
                                                value):
                                            if 'LHOST' in self.required_options:
                                                self.required_options['LHOST'][
                                                    0] = ""
                                            print(
                                                helpers.color(
                                                    "\n [!] ERROR: Bad hostname specified.\n",
                                                    warning=True))
                                            value = ""

                                # if we don't have at least one period in the hostname/IP
                                else:
                                    if 'LHOST' in self.required_options:
                                        del self.required_options['LHOST']
                                    print(
                                        helpers.color(
                                            "\n [!] ERROR: Bad IP address or hostname specified.\n",
                                            warning=True))
                                    value = ""

                            elif ':' in value:
                                try:
                                    socket.inet_pton(socket.AF_INET6, value)
                                except socket.error:
                                    if 'LHOST' in self.required_options:
                                        self.required_options['LHOST'][0] = ""
                                    print(
                                        helpers.color(
                                            "\n [!] ERROR: Bad IP address or hostname specified.\n",
                                            warning=True))
                                    value = ""

                            else:
                                if 'LHOST' in self.required_options:
                                    self.required_options['LHOST'][0] = ""
                                print(
                                    helpers.color(
                                        "\n [!] ERROR: Bad IP address or hostname specified.\n",
                                        warning=True))
                                value = ""

                        elif option == "LPORT":
                            try:
                                value = self.required_options['LPORT'][0]
                                print(' [>] Enter value for \'LPORT\': %s' %
                                      (value))
                            except:
                                # set the completer to fill in the default MSF port (4444)
                                readline.set_completer(
                                    completer.MSFPortCompleter().complete)
                                value = input(
                                    ' [>] Enter value for \'LPORT\': ').strip(
                                    )

                            try:
                                if int(value) <= 0 or int(value) >= 65535:
                                    print(
                                        helpers.color(
                                            " [!] ERROR: Bad port number specified.\n",
                                            warning=True))
                                    if 'LPORT' in self.required_options:
                                        self.required_options['LPORT'][0] = ""
                                    value = ""
                            except ValueError:
                                print(
                                    helpers.color(
                                        " [!] ERROR: Bad port number specified.\n",
                                        warning=True))
                                if 'LPORT' in self.required_options:
                                    self.required_options['LPORT'][0] = ""
                                value = ""

                        else:
                            value = input(' [>] Enter value for \'' + option +
                                          '\': ').strip()

                    # append all the msfvenom options
                    self.msfvenom_options.append(option + "=" + value)

                # allow the user to input any extra OPTION=value pairs
                extra_msf_options = list()
                while True:
                    # clear out the tab completion
                    readline.set_completer(completer.none().complete)
                    selection = input(
                        ' [>] Enter any extra msfvenom options (syntax: OPTION1=value1 or -OPTION2=value2): '
                    ).strip()
                    if selection != '':
                        num_extra_options = selection.split(' ')
                        for xtra_opt in num_extra_options:
                            if xtra_opt != '':
                                if "=" not in xtra_opt:
                                    print(
                                        helpers.color(
                                            " [!] Parameter not entered in correct syntax.\n",
                                            warning=True))
                                    continue
                                if "-" in xtra_opt.split('=')[0]:
                                    final_opt = xtra_opt.split(
                                        '=')[0] + " " + xtra_opt.split('=')[1]
                                    extra_msf_options.append(final_opt)
                                else:
                                    final_opt = xtra_opt.split(
                                        '=')[0] + "=" + xtra_opt.split('=')[1]
                                    extra_msf_options.append(final_opt)
                    else:
                        break

                # grab any specified msfvenom options in the /etc/veil/settings.py file
                msfvenom_options = ""
                if hasattr(settings, "MSFVENOM_OPTIONS"):
                    msfvenom_options = settings.MSFVENOM_OPTIONS

                # build out the msfvenom command
                self.msfvenomCommand = "msfvenom " + msfvenom_options + " -p " + selected_payload
                for option in self.msfvenom_options:
                    self.msfvenomCommand += " " + option
                    self.options.append(option)
                if len(extra_msf_options) != 0:
                    self.msfvenomCommand += " " + " ".join(extra_msf_options)
                self.msfvenomCommand += " -f c | tr -d \'\"\' | tr -d \'\\n\'"
                return
Пример #46
0
def input_cmd(dns_server, http_request_method, url, vuln_parameter, technique):

    err_msg = ""
    if menu.enumeration_options():
        err_msg += "enumeration"
    if menu.file_access_options():
        if err_msg != "":
            err_msg = err_msg + " and "
        err_msg = err_msg + "file-access"

    if err_msg != "":
        warn_msg = "The " + err_msg + " options are not supported "
        warn_msg += "by this module because of the structure of the exfiltrated data. "
        warn_msg += "Please try using any unix-like commands manually."
        print settings.print_warning_msg(warn_msg)

    # Pseudo-Terminal shell
    go_back = False
    go_back_again = False
    while True:
        if go_back == True:
            break
        question_msg = "Do you want a Pseudo-Terminal shell? [Y/n/q] > "
        gotshell = raw_input("\n" + settings.print_info_msg(info_msg)).lower()
        if gotshell in settings.CHOICE_YES:
            print "\nPseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)"
            if readline_error:
                checks.no_readline_module()
            while True:
                try:
                    # Tab compliter
                    if not readline_error:
                        readline.set_completer(menu.tab_completer)
                        # MacOSX tab compliter
                        if getattr(readline, '__doc__',
                                   '') is not None and 'libedit' in getattr(
                                       readline, '__doc__', ''):
                            readline.parse_and_bind("bind ^I rl_complete")
                        # Unix tab compliter
                        else:
                            readline.parse_and_bind("tab: complete")
                    cmd = raw_input("""commix(""" + Style.BRIGHT + Fore.RED +
                                    """os_shell""" + Style.RESET_ALL +
                                    """) > """)
                    cmd = checks.escaped_cmd(cmd)
                    if cmd.lower() in settings.SHELL_OPTIONS:
                        if cmd.lower() == "quit" or cmd.lower() == "back":
                            print ""
                            os._exit(0)
                        elif cmd.lower() == "?":
                            menu.shell_options()
                        elif cmd.lower() == "os_shell":
                            warn_msg = "You are already into the 'os_shell' mode."
                            print settings.print_warning_msg(warn_msg) + "\n"
                        elif cmd.lower() == "reverse_tcp":
                            warn_msg = "This option is not supported by this module."
                            print settings.print_warning_msg(warn_msg) + "\n"
                    else:
                        # Command execution results.
                        cmd_exec(dns_server, http_request_method, cmd, url,
                                 vuln_parameter)

                except KeyboardInterrupt:
                    print ""
                    os._exit(0)

                except:
                    print ""
                    os._exit(0)

        elif gotshell in settings.CHOICE_NO:
            print ""
            os._exit(0)

        elif gotshell in settings.CHOICE_QUIT:
            print ""
            os._exit(0)

        else:
            if gotshell == "":
                gotshell = "enter"
            err_msg = "'" + gotshell + "' is not a valid answer."
            print settings.print_error_msg(err_msg)
            pass
Пример #47
0
def main():
    # Start setup
    utilities.print_title("PYCP2K INSTALLATION STARTED")

    # Setup filepath autocompleter
    readline.set_completer_delims(' \t\n;')
    readline.parse_and_bind("tab: complete")
    readline.set_completer(complete)

    # Determine the available cp2k executables
    cp2k_commands = [["cp2k", False], ["cp2k.sopt", False],
                     ["cp2k.popt", False], ["cp2k.ssmp", False],
                     ["cp2k.psmp", False]]
    for item in cp2k_commands:
        if which(item[0]) is not None:
            item[1] = True

    #---------------------------------------------------------------------------
    # Ask user whether to use executable or xml
    print(textwrap.fill("How should the input structure be created?",
                        width=80))
    options1 = ["from CP2K executable", "from .xml file"]
    print("")
    for i_option, option in enumerate(options1):
        print("    [{}]  {}".format(i_option + 1, option))
    print("")
    opt = list(range(1, len(options1) + 1))
    source = ask('Enter option number: ', opt)

    #---------------------------------------------------------------------------
    # Executable chosen
    if source == 1:

        # Ask user what to do
        print(
            "|------------------------------------------------------------------------------|"
        )
        print(
            textwrap.fill(
                "Choose the CP2K executable. It will be used for creating the xml file and set as the default CP2K executable for PYCP2K. This setting can be changed by modifying config.py in the pycp2k folder, and can be dynamically overridden for each simulation with the 'cp2k_command' attribute.",
                width=80))
        print("")
        for i, [name, avail] in enumerate(cp2k_commands):
            if avail:
                print("    [{}] {}".format(i + 1, name))
            else:
                print("    [x] {} not available".format(name))
        print("    [" + str(len(cp2k_commands) + 1) +
              "] Custom CP2K executable name\n")
        options = [
            x for x in range(1, len(cp2k_commands)) if cp2k_commands[x - 1][1]
        ]
        options.append(len(cp2k_commands) + 1)
        option_number = ask('Enter option number: ', options)

        if option_number == len(cp2k_commands) + 1:
            cp2k_default_command = input('Enter CP2K executable name: ')
        else:
            cp2k_default_command = cp2k_commands[int(option_number - 1)][0]

        # Call cp2k comand with flag --xml to create the xml file of the input structure
        try:
            call([cp2k_default_command, "--xml"])
        except OSError:
            utilities.print_error(
                "Could not call executable {} with flag --xml. Canceling installation..."
                .format(cp2k_default_command))
            utilities.print_title("INSTALLATION FAILED")
            return False
        xml_path = "cp2k_input.xml"

    #---------------------------------------------------------------------------
    # xml chosen
    else:
        print(
            "|------------------------------------------------------------------------------|"
        )
        xml_path = input('Enter path to .xml file: ')
        while not os.path.isfile(xml_path):
            print("Invalid path provided. Please try again")
            xml_path = input('Enter path to .xml file:')

        #---------------------------------------------------------------------------
        # Ask for the default CP2K command
        print(
            "|------------------------------------------------------------------------------|"
        )
        print(
            textwrap.fill(
                "Choose the default CP2K executable if available. This executable is used by default for running CP2K. It can be changed by modifying config.py in the pycp2k folder, and can be dynamically overridden for each simulation with the 'cp2k_command' attribute.",
                width=80))
        print("")
        for i, [name, avail] in enumerate(cp2k_commands):
            print("    [" + str(i + 1) + "] " + name)
        print("    [{}] Custom CP2K executable name".format(
            len(cp2k_commands) + 1))
        print("")
        option_number = ask('Enter option number: ',
                            list(range(1,
                                       len(cp2k_commands) + 2)))

        if option_number == len(cp2k_commands) + 1:
            cp2k_default_command = input('Enter CP2K executable name: ')
        else:
            cp2k_default_command = cp2k_commands[int(option_number - 1)][0]

    #---------------------------------------------------------------------------
    # Ask for the default MPI command
    print(
        "|------------------------------------------------------------------------------|"
    )
    print(
        textwrap.fill(
            "Choose the default MPI executable. If you wan't to perform only serial calculations or define MPI command later, choose option 1. The executable is used by default for MPI parallel runs. It can be changed by modifying config.py in the pycp2k folder, and can be dynamically overridden for each simulation with the 'mpi_command' attribute.",
            width=80))
    print("")
    mpi_commands = ["mpirun", "srun --mpi=openmpi", "srun --mpi=pmi2"]
    print("    [{}] No MPI command defined for now".format(1))
    for i, name in enumerate(mpi_commands):
        print("    [{}] {}".format(i + 2, name))
    print("    [{}] Custom MPI executable name".format(len(mpi_commands) + 2))
    print("")
    option_number = ask('Enter option number: ',
                        list(range(1,
                                   len(mpi_commands) + 3)))

    mpi_on_default = True
    if option_number == len(mpi_commands) + 2:
        mpi_default_command = input('Enter MPI executable name: ')
    elif option_number == 1:
        mpi_default_command = ""
        mpi_on_default = False
    else:
        mpi_default_command = mpi_commands[int(option_number - 2)]

    #---------------------------------------------------------------------------
    # Call input parser with the xml file
    (version, revision) = inputparser.main(xml_path)
    utilities.print_title("INSTALLING PACKAGE")

    #---------------------------------------------------------------------------
    # Write the config file
    with open('pycp2k/config.py', 'w') as config_file:
        contents = ("#! /usr/bin/env python\n"
                    "# -*- coding: utf-8 -*-\n\n"
                    "cp2k_default_command = \"" + cp2k_default_command + "\"\n"
                    "mpi_default_command = \"" + mpi_default_command + "\"\n"
                    "mpi_on_default = " + str(mpi_on_default) + "\n"
                    "build_version = \"" + version.split()[2] + "\"\n"
                    "build_revision = \"" + revision.split()[-1] + "\"")
        config_file.write(contents)

    # Start package setup
    setup(name='pycp2k',
          version='0.1',
          description='A python interface to CP2K',
          url='https://github.com/SINGROUP/pycp2k.git',
          author='Lauri Himanen',
          author_email='*****@*****.**',
          license='MIT',
          packages=find_packages(),
          zip_safe=False)

    utilities.print_title("INSTALLATION COMPLETED SUCCESFULLY")
Пример #48
0
                    
                except (KeyError, IndexError) as err:
                    logging.error('completion error: %s', err)
                    self.current_candidates = []
        
        try:
            response = self.current_candidates[state]
        except IndexError:
            response = None
        logging.debug('complete(%s, %s) => %s', repr(text), state, response)
        return response
            

def input_loop():
    line = ''
    while line != 'stop':
        line = input('Prompt ("stop" to quit): ')
        print(f'Dispatch {line}')

# 補完関数を登録する
readline.set_completer(BufferAwareCompleter(
    {'list':['files', 'directories'],
     'print':['byname', 'bysize'],
     'stop':[],
    }).complete)

# 補完に tab キーを使用する
readline.parse_and_bind('tab: complete')

# ユーザへテキストを表示する
input_loop()
Пример #49
0
         if not matches: matches = []
         matches += self.file_matches( text )
         return matches

      def attr_matches( self, text ):
         matches = rlcompleter.Completer.attr_matches( self, text )
         if not matches: matches = []
         b = text.find('.')
         try:
            if 0 <= b and self.namespace[text[:b]].__name__ == 'ROOT':
               matches += self.root_global_matches( text[b+1:], text[:b+1] )
         except AttributeError:    # not all objects have a __name__
            pass
         return matches

   readline.set_completer( RootNameCompleter().complete )
   readline.set_completer_delims(
      readline.get_completer_delims().replace( os.sep , '' ) )

   readline.parse_and_bind( 'tab: complete' )
   readline.parse_and_bind( 'set show-all-if-ambiguous On' )
except:
 # module readline typically doesn't exist on non-Unix platforms
   pass

## special filter on MacOS X (warnings caused by linking that is still required)
if sys.platform == 'darwin':
   import warnings
   warnings.filterwarnings( action='ignore', category=RuntimeWarning, module='ROOT',\
      message='class \S* already in TClassTable$' )
Пример #50
0
    def payload_selection_menu(self, showTitle=True):
        """
        Menu to prompt the user for a custom shellcode string.

        Returns None if nothing is specified.
        """

        # print out the main title to reset the interface
        if showTitle:
            evasion_helpers.title_screen()
        else:
            print()

        print(helpers.color(" [?] Generate or supply custom shellcode?\n"))
        print('     %s - Ordnance %s' %
              (helpers.color('1'), helpers.color('(default)', yellow=True)))
        print('     %s - MSFVenom' % (helpers.color('2')))
        print('     %s - Custom shellcode string' % (helpers.color('3')))
        print('     %s - File with shellcode (\\x41\\x42..)' %
              (helpers.color('4')))
        print('     %s - Binary file with shellcode\n' % helpers.color('5'))

        try:
            choice = self.required_options['SHELLCODE'][0].lower().strip()
            print(" [>] Please enter the number of your choice: %s" % (choice))
        except:
            choice = input(
                " [>] Please enter the number of your choice: ").strip()

        if choice == '4':
            # instantiate our completer object for path completion
            comp = completer.PathCompleter()

            # we want to treat '/' as part of a word, so override the delimiters
            readline.set_completer_delims(' \t\n;')
            readline.parse_and_bind("tab: complete")
            readline.set_completer(comp.complete)

            # if the shellcode is specicified as a raw file
            filePath = input(
                " [>] Please enter the path to your shellcode file: ")

            try:
                with open(filePath, 'r') as shellcode_file:
                    file_shellcode = shellcode_file.read()
                    file_shellcode = file_shellcode.strip()
            except:
                print(
                    helpers.color(
                        " [!] WARNING: path not found, defaulting to msfvenom!",
                        warning=True))
                return None

            if len(file_shellcode) == 0:
                print(
                    helpers.color(
                        " [!] WARNING: no custom shellcode restrieved, defaulting to msfvenom!",
                        warning=True))
                return None

            # check if the shellcode was passed in as string-escaped form
            if file_shellcode[0:2] == "\\x" and file_shellcode[4:6] == "\\x":
                return file_shellcode
            else:
                # otherwise encode the raw data as a hex string
                hexString = binascii.hexlify(file_shellcode)
                file_shellcode = "\\x" + "\\x".join(
                    [hexString[i:i + 2] for i in range(0, len(hexString), 2)])
                return file_shellcode

            # remove the completer
            readline.set_completer(None)

        elif choice == '5':
            # instantiate our completer object for path completion
            comp = completer.PathCompleter()

            # we want to treat '/' as part of a word, so override the delimiters
            readline.set_completer_delims(' \t\n;')
            readline.parse_and_bind("tab: complete")
            readline.set_completer(comp.complete)

            # if the shellcode is specicified as a raw file
            filePath = input(
                " [>] Please enter the path to your binary file: ")

            try:
                with open(filePath, 'rb') as shellcode_file:
                    file_shellcode = shellcode_file.read()

            except:
                print(
                    helpers.color(
                        " [!] WARNING: path not found, defaulting to msfvenom!",
                        warning=True))
                return None

            if len(file_shellcode) == 0:
                print(
                    helpers.color(
                        " [!] WARNING: no custom shellcode restrieved, defaulting to msfvenom!",
                        warning=True))
                return None

            binary_code = ""
            # Convert from binary to shellcode
            for byte in file_shellcode:
                binary_code += "\\x" + hex(byte)[2:].zfill(2)
            return binary_code

        elif choice == '3' or choice == 'string':
            # if the shellcode is specified as a string
            cust_sc = input(
                " [>] Please enter custom shellcode (one line, no quotes, \\x00.. format): "
            )
            if len(cust_sc) == 0:
                print(
                    helpers.color(
                        " [!] WARNING: no shellcode specified, defaulting to msfvenom!",
                        warning=True))
            return cust_sc

        elif choice == '' or choice == '1' or choice.lower(
        ) == 'veil-ordnance' or choice.lower() == 'ordnance':
            return 'ordnance'

        elif choice == '2' or choice.lower() == 'msf' or choice.lower(
        ) == 'metasploit' or choice.lower() == 'msfvenom':
            return None

        else:
            print(
                helpers.color(
                    " [!] WARNING: Invalid option chosen, defaulting to Ordnance!",
                    warning=True))
            return 'ordnance'
Пример #51
0
 def __exit__(self, exception_type, exception_value, traceback):
     readline.set_completer(self._old_completer)
Пример #52
0
 def prelude(self):
     readline.set_completer(self._genCompleter().complete)
     self._prelude_1()
Пример #53
0
def read_imported_config(project_path, project_name, projects=None):

    completer = Completer()
    readline.set_completer_delims('\t')
    readline.parse_and_bind('tab: complete')
    readline.set_completer(completer.path_completer)

    # Oh god this logic is a disaster, user interfaces are hard
    bad_user = True
    while bad_user:
        relearn_str = str_input(
            'Do you want to learn on new starting from these weights? (yes or no) '
        )
        if relearn_str.lower() == 'yes' or relearn_str.lower() == 'y':
            bad_user = False
            relearn = True
        elif relearn_str.lower() == 'no' or relearn_str.lower() == 'n':
            bad_user = False
            relearn = False

    unique_name = False
    while unique_name == False:
        unique_name = True
        if projects is not None:
            for project in projects:
                if project['name'] == project_name:
                    print(
                        colored('Project with this name already exists.',
                                'red'))
                    project_name = str_input('Provide a new project name: ')
                    unique_name = False
    if relearn:
        image_path = os.path.expanduser(
            input('Select parent directory for your images: '))
        path_unset = True
        while path_unset:
            project_dest = os.path.expanduser(
                input('Select destination for your project: '))
            if (project_dest.find(image_path) == 0):
                print(
                    'Project destination should not be same or within image directory!'
                )
            else:
                path_unset = False
    else:
        project_dest = os.path.expanduser(
            input('Select destination for your project: '))

    if os.path.isdir(project_dest) == False:
        print('Creating directory:', project_dest)
        os.makedirs(project_dest, exist_ok=True)
    # You don't get to judge me t('-' t)
    with open(os.path.join(project_path, 'config.yaml'), 'r') as fp:
        import_project = yaml.load(fp.read())
    import_project['name'] = project_name
    import_project['path'] = project_dest

    if relearn:

        kfold = int_input('number of folds to use (suggested: 5)', 3, 10)
        kfold_every = bool_input(
            'Fit a model for every fold? (if false, just fit one)')
        print(
            'Warning: if working on a remote computer, you may not be able to plot!'
        )
        plot_cm = bool_input('Plot a confusion matrix after training?')
        batch_size = int_input('batch size (suggested: 8)', 1, 64)
        learning_rate = float_input('learning rate (suggested: 0.001)', 0, 1)
        learning_rate_decay = float_input(
            'learning decay rate (suggested: 0.000001)', 0, 1)
        cycle = int_input(
            'number of cycles before resetting the learning rate (suggested: 3)',
            1, 10)
        num_rounds = int_input('number of rounds (suggested: 3)', 1, 100)

        import_project['img_path'] = image_path
        import_project['best_weights'] = [
            os.path.join(project_path, weight)
            for weight in os.listdir(project_path) if weight.find('.hdf5') > 0
        ]
        import_project['last_weights'] = import_project['best_weights']
        import_project['server_weights'] = None
        import_project['kfold'] = kfold
        import_project['kfold_every'] = kfold_every
        import_project['cycle'] = cycle
        import_project['seed'] = np.random.randint(9999)
        import_project['batch_size'] = batch_size
        import_project['learning_rate'] = learning_rate
        import_project['learning_rate_decay'] = learning_rate_decay
        if 'final_cutoff' not in import_project.keys():
            import_project['final_cutoff'] = 80
        import_project['rounds'] = num_rounds
        import_project['is_split'] = False
        import_project['is_array'] = False
        import_project['is_augmented'] = False
        import_project['is_pre_model'] = False
        import_project['model_round'] = 1
        import_project['plot'] = plot_cm

        print('')
        print('To re-learn new images with project:')
        print('')
        print(colored('    transfer --run --project ' + project_name, 'green'))
        print('or')
        print(colored('    transfer -r -p ' + project_name, 'green'))
        print('')
    else:
        import_project['server_weights'] = [
            os.path.join(project_path, weight)
            for weight in os.listdir(project_path) if weight.find('.hdf5') > 0
        ]

    return import_project
Пример #54
0
 def restore_completer(self):
     readline.set_completer(self.old_completer)
Пример #55
0
def main() -> None:
    python_version = '.'.join(str(v) for v in sys.version_info[:3])
    version = f'drgn {drgn.__version__} (using Python {python_version})'
    parser = argparse.ArgumentParser(prog='drgn',
                                     description='Scriptable debugger')

    program_group = parser.add_argument_group(
        title='program selection',
        description='one of the following is required',
    ).add_mutually_exclusive_group(required=True)
    program_group.add_argument('-c',
                               '--core',
                               metavar='PATH',
                               type=str,
                               help='debug the given core dump')
    program_group.add_argument('-k',
                               '--kernel',
                               action='store_true',
                               help='debug the running kernel')
    program_group.add_argument(
        '-p',
        '--pid',
        metavar='PID',
        type=int,
        help='debug the running process with the given PID')

    symbol_group = parser.add_argument_group('debugging symbols')
    symbol_group.add_argument(
        '-s',
        '--symbols',
        metavar='PATH',
        type=str,
        action='append',
        help=
        'load additional debugging symbols from the given file; this may option may be given more than once'
    )
    symbol_group.add_argument(
        '--no-default-symbols',
        dest='default_symbols',
        action='store_false',
        help=
        "don't load any debugging symbols that were not explicitly added with -s"
    )

    parser.add_argument(
        '-q',
        '--quiet',
        action='store_true',
        help=
        "don't print non-fatal warnings (e.g., about missing debugging information)"
    )
    parser.add_argument(
        'script',
        metavar='ARG',
        type=str,
        nargs='*',
        help='script to execute instead of running in interactive mode')
    parser.add_argument('--version', action='version', version=version)

    args = parser.parse_args()

    prog = drgn.Program()
    if args.core is not None:
        prog.set_core_dump(args.core)
    elif args.kernel:
        prog.set_kernel()
    else:
        prog.set_pid(args.pid or os.getpid())
    if args.default_symbols:
        try:
            prog.load_default_debug_info()
        except drgn.MissingDebugInfoError as e:
            if not args.quiet:
                print(str(e), file=sys.stderr)
    if args.symbols:
        try:
            prog.load_debug_info(args.symbols)
        except (drgn.FileFormatError, drgn.MissingDebugInfoError,
                OSError) as e:
            if not args.quiet:
                print(e, file=sys.stderr)

    init_globals: Dict[str, Any] = {'prog': prog}
    if args.script:
        sys.argv = args.script
        runpy.run_path(args.script[0],
                       init_globals=init_globals,
                       run_name='__main__')
    else:
        import atexit
        import readline

        from drgn.internal.rlcompleter import Completer

        init_globals['drgn'] = drgn
        drgn_globals = [
            'cast', 'container_of', 'NULL', 'Object', 'reinterpret'
        ]
        for attr in drgn_globals:
            init_globals[attr] = getattr(drgn, attr)
        init_globals['__name__'] = '__main__'
        init_globals['__doc__'] = None

        histfile = os.path.expanduser('~/.drgn_history')
        try:
            readline.read_history_file(histfile)
        except FileNotFoundError:
            pass
        readline.parse_and_bind('tab: complete')
        readline.set_history_length(1000)
        atexit.register(readline.write_history_file, histfile)

        readline.set_completer(Completer(init_globals).complete)
        atexit.register(lambda: readline.set_completer(None))

        sys.displayhook = displayhook

        banner = version + """
For help, type help(drgn).
>>> import drgn
>>> from drgn import """ + ', '.join(drgn_globals)
        if prog.flags & drgn.ProgramFlags.IS_LINUX_KERNEL:
            banner += '\n>>> from drgn.helpers.linux import *'
            module = importlib.import_module('drgn.helpers.linux')
            for name in module.__dict__['__all__']:
                init_globals[name] = getattr(module, name)
        code.interact(banner=banner, exitmsg='', local=init_globals)
Пример #56
0
 def __enter__(self):
     self._old_completer = readline.get_completer()
     readline.set_completer(self.completefunc)
     readline.parse_and_bind("tab: complete")
Пример #57
0
def userRawInput(prompt):
    readline.set_completer(None)
    s = raw_input(prompt)
    return s
Пример #58
0
def configure():
    '''
    Configure the transfer environment and store
    '''
    completer = Completer()
    readline.set_completer_delims('\t')
    readline.parse_and_bind('tab: complete')
    readline.set_completer(completer.path_completer)

    home = os.path.expanduser('~')
    if os.path.isfile(os.path.join(home, '.transfer', 'config.yaml')):
        with open(os.path.join(home, '.transfer', 'config.yaml'), 'r') as fp:
            config = yaml.load(fp.read())
    else:
        config = []

    project_name = input('Name your project: ')
    existing_project = None
    for project in config:
        if project_name == project['name']:
            existing_project = project_name
    if existing_project is not None:
        print(colored('Project ' + project_name + ' already exists', 'red'))
        overwrite = str_input(
            'Would you like to overwrite this project? (yes or no) ',
            ['yes', 'no'])
        if overwrite == 'no':
            return
        else:
            config = [
                project for project in config
                if project_name != project['name']
            ]

    image_path = os.path.expanduser(
        input('Select parent directory for your images: '))
    path_unset = True
    while path_unset:
        project_path = os.path.expanduser(
            input('Select destination for your project: '))
        if (project_path.find(image_path) == 0):
            print(
                'Project destination should not be same or within image directory!'
            )
        else:
            path_unset = False

    print('Select architecture:')
    print('[0] resnet50')
    print('[1] xception')
    print('[2] inception_v3')
    architecture = int_input('choice', 0, 2, show_range=False)
    if architecture == 0:
        arch = 'resnet50'
        img_dim = 224
        conv_dim = 7
        final_cutoff = 80
    elif architecture == 1:
        arch = 'xception'
        img_dim = 299
        conv_dim = 10
        final_cutoff = 80
    else:
        arch = 'inception_v3'
        img_dim = 299
        conv_dim = 8
        final_cutoff = 80
    api_port = int_input('port for local prediction API (suggested: 5000)',
                         1024, 49151)
    kfold = int_input('number of folds to use (suggested: 5)', 3, 10)
    kfold_every = bool_input(
        'Fit a model for every fold? (if false, just fit one)')
    print(
        'Warning: if working on a remote computer, you may not be able to plot!'
    )
    plot_cm = bool_input('Plot a confusion matrix after training?')
    batch_size = int_input('batch size (suggested: 8)', 1, 64)
    learning_rate = float_input('learning rate (suggested: 0.001)', 0, 1)
    learning_rate_decay = float_input(
        'learning decay rate (suggested: 0.000001)', 0, 1)
    cycle = int_input(
        'number of cycles before resetting the learning rate (suggested: 3)',
        1, 10)
    num_rounds = int_input('number of rounds (suggested: 3)', 1, 100)
    print('Select image resolution:')
    print('[0] low (' + str(img_dim) + ' px)')
    print('[1] mid (' + str(img_dim * 2) + ' px)')
    print('[2] high (' + str(img_dim * 4) + ' px)')
    img_resolution_index = int_input('choice', 0, 2, show_range=False)
    if img_resolution_index == 0:
        img_size = 1
    elif img_resolution_index == 1:
        img_size = 2
    else:
        img_size = 4
    use_augmentation = str_input(
        'Would you like to add image augmentation? (yes or no) ',
        ['yes', 'no'])
    if use_augmentation == 'yes':
        augmentations = select_augmentations()
    else:
        augmentations = None

    project = {
        'name': project_name,
        'img_path': image_path,
        'path': project_path,
        'plot': plot_cm,
        'api_port': api_port,
        'kfold': kfold,
        'kfold_every': kfold_every,
        'cycle': cycle,
        'seed': np.random.randint(9999),
        'batch_size': batch_size,
        'learning_rate': learning_rate,
        'learning_rate_decay': learning_rate_decay,
        'final_cutoff': final_cutoff,
        'rounds': num_rounds,
        'img_size': img_size,
        'augmentations': augmentations,
        'architecture': arch,
        'img_dim': img_dim,
        'conv_dim': conv_dim,
        'is_split': False,
        'is_array': False,
        'is_augmented': False,
        'is_pre_model': False,
        'is_final': False,
        'model_round': 0,
        'server_weights': None,
        'last_weights': None,
        'best_weights': None
    }

    config.append(project)
    store_config(config)
    print('')
    print(colored('Project configure saved!', 'cyan'))
    print('')
    print('To run project:')
    print('')
    print(colored('    transfer --run --project ' + project_name, 'green'))
    print('or')
    print(colored('    transfer -r -p ' + project_name, 'green'))
Пример #59
0

#Overload to pass the tab character through if no completion is possible
class irlcompleter(rlcompleter.Completer):
    def complete(self, text, state):
        if text == "":
            readline.insert_text('\t')
            return None
        else:
            return rlcompleter.Completer.complete(self, text, state)


historyPath = os.path.expanduser("~/.pyhistory")


def save_history(historyPath=historyPath):
    readline.write_history_file(historyPath)


atexit.register(save_history)
# You could change this line to bind another key instead of tab.
readline.parse_and_bind("tab: complete")
readline.set_completer(irlcompleter().complete)
# Restore our command-line history, and save it when Python exits.
try:
    readline.read_history_file(historyPath)
    print "Command history restored..."
except IOError:
    print "No prior command history..."
    pass
Пример #60
0
    def start(self):
        from stf.core.dataset import __datasets__
        # Logo.
        logo()
        self.db.list()

        # Setup shell auto-complete.
        def complete(text, state):
            # Try to autocomplete modules.
            mods = [i for i in __modules__ if i.startswith(text)]
            if state < len(mods):
                return mods[state]

            # Try to autocomplete commands.
            cmds = [i for i in self.cmd.commands if i.startswith(text)]
            if state < len(cmds):
                return cmds[state]

            # Then autocomplete paths.
            if text.startswith("~"):
                text = "{0}{1}".format(os.getenv("HOME"), text[1:])
            return (glob.glob(text+'*')+[None])[state]

        # Auto-complete on tabs.
        readline.set_completer_delims(' \t\n;')
        readline.parse_and_bind('tab: complete')
        readline.parse_and_bind('set editing-mode vi')
        readline.set_completer(complete)


        # Save commands in history file.
        def save_history(path):
            readline.write_history_file(path)
        
        if os.path.exists(self.history_path):
            readline.read_history_file(self.history_path)

        # Register the save history at program's exit.
        atexit.register(save_history, path=self.history_path)

        # Main loop.
        while self.active:
            if __datasets__.current:
                self.prefix = red(__datasets__.current.get_name() + ': ')
            else:
                self.prefix = ''
            prompt = self.prefix + cyan('stf > ', True)

            # Wait for input from the user.
            try:
                data = raw_input(prompt).strip()
            except KeyboardInterrupt:
                print("")
            # Terminate on EOF.
            except EOFError:
                self.stop()
                print("")
                continue
            # Parse the input if the user provided any.
            else:
                # Skip if the input is empty.
                if not data:
                    continue

                # Check for output redirection
                filename = False

                # If there is a > in the string, we assume the user wants to output to file.
                # We erase this because it was interfering with our > filter
                #if '>' in data:
                #    temp = data.split('>')
                #    data = temp[0]
                #    filename = temp[1]
                
                # If the input starts with an exclamation mark, we treat the
                # input as a bash command and execute it.
                if data.startswith('!'):
                    os.system(data[1:])
                    continue

                # Try to split commands by ; so that you can sequence multiple
                # commands at once.
                split_commands = data.split(';')
                for split_command in split_commands:
                    split_command = split_command.strip()
                    if not split_command:
                        continue

                    # If it's an internal command, we parse the input and split it
                    # between root command and arguments.
                    root, args = self.parse(split_command)

                    # Check if the command instructs to terminate.
                    if root in ('exit', 'quit'):
                        self.stop()
                        continue

                    try:
                        # If the root command is part of the embedded commands list we
                        # execute it.
                        if root in self.cmd.commands:
                            self.cmd.commands[root]['obj'](*args)
                            
                        # If the root command is part of loaded modules, we initialize
                        # the module and execute it.
                        elif root in __modules__:
                            module = __modules__[root]['obj']()
                            module.set_commandline(args)
                            module.run()

                            self.print_output(module.output, filename)
                            del(module.output[:])
                        else:
                            print("Command not recognized.")
                    except KeyboardInterrupt:
                        pass
                    except Exception as e:
                        print_error("The command {0} raised an exception:".format(bold(root)))
                        traceback.print_exc()